Magento has officially announced that all versions of Magento 1 will become end of life (EOL) on June 30, 2020. This means that no quality fixes or security patches will be deployed for Magento 1 after this date.
If you are using Magento 1, you will need to migrate to Magento 2 or another platform before June 30, 2020. If you do not, your business could be vulnerable to security breaches, and will not comply with the Payment Card Industry Data Security Standards (PCI DSS).
Impacted Magento 1 versions
All versions of Magento 1 are impacted. This includes Magento Commerce 1 and Magento Open Source 1.
For more information on Magento's software support lifecycle, refer to their Software Lifecycle Policy.
Why you need to migrate
If you continue using Magento 1 after June 30, 2020:
Your risk of a data breach will increase
Magento 1 users will become a security target after June 30, 2020. The damage to your brand and reputation from such a breach can be long-lasting.
You will not be compliant with the Payment Card Industry Data Security Standards (PCI DSS)
The PCI DSS global standards are set by card schemes (such as Visa and Mastercard), and apply to all merchants that process payments. One of these requirements, Requirement 6, is that you will implement security patches to keep your payment-related systems safe and secure.
Recently, Visa has expressed concerns regarding Magento 1 EOL and stress that urgent action is required. They request acquirers, such as Adyen, to encourage their merchants to migrate to a vendor-supported version or alternate platform.
With respect to PCI DSS compliance, they emphasize that failing to migrate off a Magento 1 ecommerce website by June 2020 will cause merchants to fall out of PCI DSS compliance. This is because you will no longer be able to comply with Requirement 6, stating that you "develop and maintain secure systems and applications by installing applicable vendor-supplied security patches". They conclude that in the event of a breach, SME merchants will no longer meet the qualifying criteria for the payment forensic investigation (PFI) ‘Lite’. Instead, you will be expected to hire an external PCI forensic investigator to carry out a full PFI investigation, which is costly and time consuming. PCI forensic investigators can be found here. This information holds true irrespective of your acquirer or PSP.
What you need to do
Before June 30, 2020, you will need to migrate to either:
You can find instructions on how to integrate in our Magento 2 documentation.
- Another platform
For a full list of platforms we support with a plugin, see our Partners page.
If you need technical help with the migration process, contact your IT department or system integrator.