Visa Europe revealed important stats about the usage of Contactless Cards. Poland, Spain and the UK use this payment method the most, with UK usage growing by 300% year over year.
Magento, one of the world's most popular open source e-commerce solutions with over 187,500 active websites today [1], will stop issuing operational and security updates and end technical support (End of Life - EOL) for all versions of the 1.x branch [2], including Magento Commerce 1 (formerly known as Enterprise Edition) and Magento Open Source 1 (formerly known as Community Edition), from June 30, 2020, as announced years ago by Adobe, the company that acquired this solution in 2018.
The deadline itself is not new: the end of support for the 1.x platform was initially set for November 2018, but it was extended to allow affected organizations to implement migration strategies.
The goal behind this deadline is to drive the mass migration to Magento version 2 (released in 2015) and allow both Magento developers and extension providers to focus on this version, which brings many more improvements from an operational and security point of view.
Because the manufacturer will no longer provide technical support or functionality and security updates, the continued use of Magento 1 from June 2020 will entail:
For all e-commerce websites that use any version of Magento's 1.x branch and capture, transmit, store and/or process payment card data, the end of Magento 1 support means that their platforms will become obsolete and exposed to the exploitation of vulnerabilities that are detected from June 30 onwards and remain uncorrected by the manufacturer. This is a direct violation of requirement 6.2 of PCI DSS:
6.2 Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.
In addition, reports from quarterly external vulnerability scans (Approved Scanning Vendor - ASV) and annual penetration testing will also identify Magento v1.x as an obsolete platform susceptible to vulnerabilities.
The payment brands have already been announcing the security implications and the impact on PCI DSS compliance of using Magento 1 after June 2020:
Similarly, different payment providers such as Adyen [8] have already notified their users about the problems associated with the use of Magento 1 and the risk this may entail for their payments.
As with any software obsolescence, there are two main alternatives for continuing operation:
Finally, Advantio also recommends:
SOURCES:
[1] Built With: Websites using Magento
https://trends.builtwith.com/websitelist/Magento
[2] Magento Software Lifecycle Policy
https://magento.com/sites/default/files/magento-software-lifecycle-policy.pdf
[3] How Extension Developers Can Prepare for M1 End of Life
https://community.magento.com/t5/Magento-DevBlog/How-Extension-Developers-Can-Prepare-for-M1-End-of-Life/ba-p/44621
[4] A Deep Dive Into Magecart
https://www.riskiq.com/what-is-magecart/
[5] Magento Commerce Software End of Support FAQ
https://magento.com/sites/default/files8/2019-09/implications-of-unsupported-software-FAQ.pdf
[6] VISA Acquirer Advisory - Urgent Action Required - Magento 1 support to end after June 2020
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/acquirer-advisory-magento-migration.pdf
[7] MasterCard - Urgent reminder to acquirers that Magento 1 will no longer be supported by Adobe after June 2020
https://globalrisk.mastercard.com/wp-content/uploads/2020/06/Security-Bulletin-Magento-1.pdf
[8] Adyen Magento 1 end of life
https://docs.adyen.com/plugins/magento-1/magento-1-eol
[9] Magento Commerce migration
https://magento.com/solutions/magento-2-migration
[10] Magento Commerce Cloud
https://magento.com/products/magento-commerce
[11] Magento Open Source migration
https://magento.com/products/magento-open-source
[12] Adobe’s Magento Security Scan
https://docs.magento.com/user-guide/magento/security-scan.html
[13] Magento’s Security Center
https://magento.com/security
[14] Magento Security Alert
https://magento.com/security/sign-up
[15] MageReport
https://www.magereport.com/
I am the Senior Security Consultant at Advantio. I have more than 15 years of experience, working both in South America and Europe. My information security background includes consultancy and audit, training, implementation of security technologies, and design and policy development, among others.
Certifications: CISSP, CISM, CISA, CRISC, CEH, CHFI, PCI QSA, QSA (P2PE), 3DS Assessor