What many of you may not realise is that the consequences of not migrating can be severe for an online business. Let me explain...
Once Magento 1 is no longer supported by Magento, the only patches will be whatever the community manages to produce. As an industry, we are going to see criminals targeting Magento 1 sites even more than they already do, using vulnerabilities that are no longer being patched by the vendor.
Some may see this as an inconvenience, but the issue runs a lot deeper. Let’s start with PCI DSS Compliance.
Merchants who opt to stay on Magento 1 are taking themselves out of PCI DSS compliance and will be treated as non-compliant. This is because they can no longer meet the "Maintain a Vulnerability Management Program" goal of the standard, specifically:
Requirement 6: Develop and maintain secure systems and applications
Requirement 6.2 asks: Are all system components and software protected from known vulnerabilities by installing applicable vendor-supplied security patches? Once the vendor stops supplying patches, the honest answer for a Magento 1 site is no.
Your bank (acquirer) requires you to maintain your PCI DSS compliance; if you don't, there are implications for them, and those will be passed on to you. Specifically:
Let's look at the costs of a data breach to illustrate what you are potentially signing up for by not migrating and keeping current.
The cost of a data breach is significant. Let's assume you run an eCommerce business and your website gets hacked. If you process fewer than 10,000 card transactions a year, you will most likely be asked to undergo a PFI Lite (a reduced-scope PCI Forensic Investigation), and your total costs would be a €3,000 Visa fee plus roughly £3,000 for the forensic investigation.
If you process more than 10,000 transactions a year, the costs are significantly higher: the €3,000 Visa fee, a forensic investigation at £5,000 or more, and a liability of €18 for every card considered "at risk".
Remember, the average time between the criminals breaking in and the website owner realising it is 5.5 months, so nearly half a year of transaction data could be stolen, costing you €18 per card in Visa liabilities. At 10,000 transactions per year, 5.5 months of transactions is roughly 4,600 cards at risk; at €18 per card, that is about €82,800 in penalties on top of the forensic costs.
Scary thought, we know.
You may be thinking: what's the risk? Why would criminals target my business?
The uncomfortable truth is that criminals are looking for easy-to-hack websites, and they can automate that search. If you have used our free WebScan solution, you will know it tells you whether your website has been hacked, whether it is missing patches, and what its overall risk level is. Criminals build their own scanners that do much the same thing, so they know exactly who to target. It isn't personal: if you have not kept your website up to date, you automatically land on their "attack list". Simple as that.
Websites that remain on Magento 1, however small, will not be eligible for the PFI Lite process, because the qualifying criteria are strict and non-negotiable. That means even a small merchant on an unsupported platform should expect the full investigation costs described above.
As an agency or developer, the biggest challenge is that your customers can start pointing the finger at you, even though you can do nothing about Magento dropping support for the older platform. If a breach occurs it will undoubtedly cause friction, and the wider implications for your business are hard to predict. Do you limit liability in your contracts, for example?
Our recommendations to agencies are simple:
If you haven't looked at Responsible Commerce yet, it is well worth your time and consideration as a way to help fund the migration.
Our recommendations to eCommerce owners are:
We've partnered with some great companies to offer Responsible eCommerce. Here's how you can benefit from this solution.
Agencies: you can partner with us and offer the migration service to your customers at an affordable price. In addition to the financial support, you get cybersecurity services, a breach security warranty, and support from our partners and from us.
eCommerce owners and merchants: you get security, scalability, speed, a breach security warranty, and one of the most affordable migration services available.