Visa is urging merchants to migrate their online stores to Magento 2.x before the Magento 1.x e-commerce platform reaches end-of-life (EoL) in June 2020, so that they avoid exposing their stores to Magecart attacks and remain PCI compliant.
Magento-based e-commerce sites have been notorious for both first- and third-party code attacks, which allow hackers to skim users’ credit card data and personal information. What is certain is that the moment 1.x becomes obsolete this June, it will create a focus and an opportunity for hackers. Just as engineering teams are dealing with the upgrade to 2.x, hackers will look to exploit these engineers’ lack of familiarity with the new version and any potential zero-day vulnerabilities.
Furthermore, when dealing with third-party hacks and supply-chain infiltrations, the source of the problem is not the code base of the store’s underlying infrastructure. Rather, the source of the tainted code is the dozens of JavaScript files that website owners usually have running on their site. Virtually every commercial website relies on third-party tools such as analytics tags, advertising scripts and live chat widgets to enhance the functionality of their site. All of these scripts vastly increase the attack surface for a website, often unbeknownst to website owners.
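A store owner can start by listing which outside hosts a page loads scripts from. The sketch below is an added example, not code from the original article: it inventories third-party script origins in a page's HTML and flags those loaded without a Subresource Integrity `integrity` attribute, a browser feature the article does not mention. The store URL, hostnames and sample page are constructed.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: checkout page of a hypothetical store at shop.example.
SAMPLE_HTML = """
<html><head>
<script src="/js/checkout.js"></script>
<script src="https://analytics.example.net/tag.js"></script>
<script src="//ads.example.org/serve.js" async></script>
<script src="https://chat.example.com/widget.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script>var inlineConfig = 1;</script>
</head><body></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script> that has a src attribute."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            attr = dict(attrs)
            if attr.get("src"):
                self.scripts.append((attr["src"], attr.get("integrity")))

def third_party_scripts(html, page_url):
    """Map each foreign host to [(absolute_url, has_integrity)].

    Assumption: any host other than the page's own counts as third party,
    so a store's own CDN subdomain would be listed too.
    """
    first_party = urlsplit(page_url).hostname
    collector = ScriptCollector()
    collector.feed(html)
    found = defaultdict(list)
    for src, integrity in collector.scripts:
        url = urljoin(page_url, src)  # resolves relative and //host URLs
        host = urlsplit(url).hostname
        if host and host != first_party:
            found[host].append((url, bool(integrity)))
    return dict(found)

def unpinned(inventory):
    """Sorted URLs of third-party scripts loaded without an integrity hash."""
    return sorted(u for items in inventory.values() for u, ok in items if not ok)

if __name__ == "__main__":
    inv = third_party_scripts(SAMPLE_HTML, "https://shop.example/checkout")
    for url in unpinned(inv):
        print("no integrity attribute:", url)
```

This reads only the static HTML, so scripts that a listed script injects at runtime will not appear in the inventory.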
Retailers with e-commerce sites that are running Magento 1.x should upgrade, but that is only step one on the path to providing the right security and safety for their users. They need to ensure the security of their entire build and deploy lifecycle to create a safe browsing experience and to protect their customers’ personal data. There are a number of solutions available that add layers of security beyond what Magento provides and can help ensure the integrity of the website.