To Avoid Magecart Attacks, Visa Urges Merchants To Migrate To Magento 2.X – Expert Advise

By   ISBuzz Team
Writer , Information Security Buzz | Apr 10, 2020 11:02 am PST

To avoid exposing their stores to Magecart attacks and to remain PCI compliant, Visa is urging merchants to migrate their online stores to Magento 2.x before the Magento 1.x e-commerce platform reaches end-of-life (EoL) in June 2020.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Ameet Naik
Ameet Naik , Security Evangelist
April 10, 2020 7:05 pm

Magento-based ecommerce sites have been notorious for both first- and third-party code attacks which allow hackers to skim users’ credit card data and personal information. What is for certain is that the moment 1.x becomes obsolete this June, this will create a focus and an opportunity for hackers. Just as engineering teams are dealing with the upgrade to 2.x, hackers will look to exploit these engineers’ lack of familiarity with the new version and any potential zero-day vulnerabilities.

Furthermore, when dealing with third-party hacks and supply-chain infiltrations, the source of the problem is not the code base of the underlying infrastructure of the store. Rather, the source of the tainted code is the dozens of JavaScripts that website owners usually have running on their site. Virtually every commercial website relies on third-party tools such as analytics tags, advertising scripts and live chat widgets to enhance the functionality of their site. All of these scripts vastly increase the attack surface for a website–often unbeknownst to website owners.

Retailers with e-commerce sites that are running Magento 1.x should upgrade, but that is only step one on the path to providing the right security and safety for their users. They need to ensure the security of their entire build and deploy lifecycle to create a safe browsing experience and to protect their customers’ personal data. There are a number of solutions available that add layers of security beyond what Magento provides and can help ensure the integrity of the website.

Last edited 4 years ago by Ameet Naik

Recent Posts

Would love your thoughts, please comment.x