The New Consequences of Not Migrating
Visa is actively warning merchants to migrate their store to Magento 2.x or switch platforms if they want to remain PCI DSS compliant. Adobe has repeatedly stated that it will not extend support after June 2020 (despite Covid-19) and that there will be no more security patches, leaving remaining Magento 1 sites increasingly vulnerable to payment card data compromise.
The issues are listed below:
- You will fall out of compliance with PCI DSS;
- Your e-commerce site will be more exposed to risks and data compromise due to the lack of security upgrades;
- Without any upgrade or security patches, your ecommerce site may degrade and become unstable;
- The functionality of your store’s extensions or plug-ins may break or become unavailable;
- Over time, a Magento migration will become far more costly, and developers will only be familiar with Magento 2.
Bear in mind the legal complications should a problem be found. This comes direct from Visa:
"A member is subject to a non-compliance assessment of $100,000 per incident for failing to adhere to its requirements." Merchants also need to pay an investigation fee of up to $10,000.
What Are My Options?
1. Sticking to Magento
If you are on a Magento 1 build and have not done any planning for your migration, then given the timescales involved, the best you will be able to do at this stage is a 'lift and shift' into the latest version of Magento 2.
You will need to pay for the developer time and materials to do the DB migration work and the rebuild of your theme, as they are not compatible. Any custom modules will need some level of re-programming to ensure compatibility and the entire build will need to go through a detailed user acceptance testing and QA process.
Furthermore, you will need to check whether your existing plugin architecture is supported in Magento 2 and re-purchase the majority of the Magento 1 plugins for them to work in Magento 2.
Once the new site is live, you will need to have your developers on hand post-launch to apply any 'hot fixes' that might be needed, because there will not have been time to follow the usual fuller QA procedures.
2. Looking at Alternatives
If you are a purely B2C (D2C) merchant, then you have the option of fast-tracking into Shopify Plus or Advanced. This is a process that can now be addressed in three fixed programmes known as Shopify Plus Quick Launch, designed to help Magento merchants caught up in the upgrade rush.
For merchants looking to migrate to Shopify Plus, there are 2-week, 4-week and 8-week programmes available which will allow you to get onto the Shopify Plus platform with your Magento 1 data in place (it may take longer where order history is required) at very attractive rates. We can refer you to the Shopify Plus team if you are interested.
It's worth noting that Shopify Plus is a very friendly, merchant-focused platform, and we have seen a number of our ex-Magento clients move to Shopify Plus and be a lot happier and more empowered than they were in the Magento environment. Take a look at our cost of ownership section in the Shopify Plus page on our website.
Some of the strengths of the platform are that you will no longer require paid-for hosting or security patches, and you can rest assured that everything 'works' out of the box, having been fully tested before release by the Shopify team.
For merchants that are looking to move to the standard Shopify platforms, this can also be done quickly, although migration can be slower, so for a straightforward migration we would allow 6 weeks.
If you have B2B functionality on your website, we would still recommend looking at Shopify Plus if it is lightweight, as they have a 'Wholesale' option. Also, they recently acquired Handshake, the B2B ecommerce leaders, and are working the key functionality from this provider into the Plus product. However, if you have complex B2B requirements, we would still recommend the 'lift and shift' option with Magento 2, and taking another look at Shopify Plus in 2021.
We've been working with Magento since 2010 in all versions, and spent several years as a Silver Partner, doing some great work across a broad portfolio of clients. The Magento 2 launch was botched. We know that, as we were at the three-day partner training event in London, and we came away knowing that a lot of the enterprise product was vapourware at the time.
The partners and ecosystem of developers were effectively used to make the product better, reporting the myriad of bugs back through the channel and slowly the product got better. The pain of it for us and our merchants resulted in us exiting the partner channel and partnering with Shopify Plus in 2017, something that we and the clients that have made the move have never regretted.
Magento, under its various ownerships, have been telling us since 2015 that M1 would EOL. We've been telling clients since early 2019 that they have to do something about it, and now Adobe have put a line in the sand and they are not moving the EOL date again. This is fair enough, and it stands to reason that card companies are going to follow suit as they need confidence in the platform. Hence the recent warning from Visa, and they won't be alone...
Just remember, as a merchant, time is limited, the responsibility for a breach will fall on you, and any PCI investigation will force you to move platforms anyway. The timing of this is horrible, but it can't be helped - they gave over a year's notice of the final EOL date.
Please take a serious look at the 'lift and shift' options and the opportunity to migrate to Shopify Plus using the 'Quick Launch' scheme. Whilst Magento 2.3.x is definitely the best version yet, it's still a complex beast and not massively merchant friendly, but it is Magento and it's the only one you can responsibly use.
If you need an honest conversation with an agency that has worked across both sides of the fence, and continues to do so objectively based on the best interests of our merchants, drop us a line and we'll set up a Zoom call.