You have probably received alarming emails from Visa and PayPal suggesting that your Magento 1 store will no longer be PCI Compliant from 30th June 2020, when Adobe ends support for this platform.
Does that mean that you have to migrate overnight and will no longer be able to accept payment on your Magento 1 store?
Will OneStepCheckout stay safe and allow your Magento 1 stores to process orders and payments after June 30th 2020?
Read on to learn more about the context, what it takes to remain PCI compliant, how OneStepCheckout will keep working for Magento 1, and double check with your payment provider what exact payment methods are affected if any. Most payment gateways offer a wide range of methods within the same payment extension and not all might be affected.
You are not alone: 110,000 Magento 1 are still live today
Sansec, the leader of Magento security created by Willem de Groot, has been crawling Magento stores for malware and Magecart infections since 2015. With all the data they gather, they are able to publish the state of the Magento market better than anyone else.
Your are PCI Compliant if your store is managed by a competent party
We’ve gathered research and statements from various members of the Magento ecosystem that provide more details about how you can keep your Magento 1 store compliant.
1. Recommendations from John Shin – certified PCI assessor
Agency Bestworlds and hosting provider Webscale summoned John Shin, PCI expert, and came up with the recommendation to have enough compensating controls in place such as:
- Added Web Security
- Added Scanning
- Added Monitoring
- Added Planning
2. What are the risks of staying on Magento 1 and why do you have to act now?
Hypernode, a leading hosting provider for Magento stores in Europe helps you understand the key security concerns for stores staying on Magento 1 after end-of-life support by Adobe.
3. How Mage-One supports PCI compliance for Magento 1 stores
Mage-One is a German initiative powered by a bunch of Magento Masters, that provides support for Magento 1 stores after sunset (they work day time too). In their article, they analyse PCI DSS Requirements and conclude that compensating measures provided by their service as well as security measures put in place by relevant hosting companies will do.
4. Avoid hacks and stay PCI compliant
Sansec, the expert in eCommerce fraud, is answering two questions for you:
- Will my Magento 1 store still be secure after July 1st?
- Will it still be PCI compliant, as required by my payment service provider?
As a solution to keep your Magento 1 secure and PCI compliant, Sansec’s monitoring solution will alert you to critical issues in Magento and 3rd party extensions.
Want to try it first? Sansec is offering OneStepCheckout customers a coupon for a free trial. Choose your Sansec product and apply coupon code: OSCM1
5. How Nexcess Safe Harbour makes sure your Magento 1 store stays safe and PCI compliant
Nexcess is a US Based hosting provider that provides an add-on to their shared Magento hosting plan. The product is called Safe Harbor and includes proactive malware scans, advanced threat protection, IP blacklisting, and the ability to test changes in a staging environment to protect your store.
6. How Community led initiatives can help with safety and PCI-DSS compliance
OpenMage LTS is a community-supported fork of Magento 1 which has seen a strong engagement from the community to make significant improvements to the performance, stability and security of your Magento-based shop.
OpenMage works with security experts in the community to respond to vulnerabilities quickly and responsibly to provide you with patches to keep your store safe and help you maintain your PCI-DSS compliance.
Migrating from Magento 1.9 to OpenMage LTS is extremely easy due to the backwards compatibility and you can easily stay up to date using your favorite tools like git and composer.
There are many ways to get involved over at OpenMage where the Magento community is arguably more engaged and transparent than ever before!
7. Jetrails guide to PCI Compliance for Magento 1 merchants
Jetrails is a US based hosting provider that has been focusing on Magento stores since its early days. To support their thousands of Magento 1 customers, they’ve put together a guide detailing what PCI compliance entails and how they can contribute from a hosting perspective.
Will OneStepCheckout continue to accept payments for Magento 1 stores after 30th June 2020?
1. Security of OneStepCheckout after 30th June 2020
We will keep supporting and maintaining OneStepCheckout for Magento 1 as long as our customers need it.
With over 20,000 customers who trust us with their Magento 1 stores checkout, it is our duty to keep supporting the most critical area of their online businesses.
So, after 30th June 2020, our Magento 1 checkout page will still work and allow you to process orders from the checkout on your online store.
2. OneStepCheckout long terms plans for Magento 1
We are here for the long run. We know that it takes time to plan and implement a successful migration to Magento 2 or another platform. According to an internal survey we are expecting 60,000 stores to stay on Magento 1 and around 25% of our 20,000 customer base.
We are keeping the same team dedicated to our Magento 1 extension to support you and improve our product when necessary.
In addition, we are partnering up with Mage-One, which means we will support the security patches they will release to keep your Magento 1 store safe.
Similarly, our close connection to Magento security leaders mentioned above will help us anticipate issues and release new versions accordingly.
3. In doubt, check with your payment provider
OneStepCheckout is the interface that changes how your checkout pages look. Our extension for Magento 1 is integrating with the most popular payment methods in a number of Magento markets.
Now the question is whether your payment method allows you to continue and accept payment on your Magento 1 store. The consensus is that if you provide compensating measures, you should be PCI compliant.
In doubt, our best advice is that you contact your payment provider directly.
As mentioned above, one payment gateway can offer a variety of payment methods which could be impacted or not.
As an example, Ebizmarts will continue to support Magento 1 stores after sunset with their Sage Pay Suite Pro extension.
4. Planning for a Magento 2 migration?
We gathered some tricks and tips to make it as smooth as possible