I have a site that is still running Magento 1.9. I put a lot of time into the current website and have been putting off migrating to another platform. If I have to, I'll focus heavily on migrating off Magento to Shopify over the next few days, but I was wondering if it’s really necessary. I’ve been putting off taking action for some time, but I just got this warning e-mail from Paypal/Braintree at the beginning of the month that makes it sound like I need to move off Magento or essentially go out of business! Are there other payment integration options that would allow me to keep running my Magento 1 store? I use Nexcess and apply fixes from their Safe Harbor program.
Here is the content of the e-mail I’m referring to:
We are following up on our previous communications with an urgent reminder that processing transactions with your Magento 1.x integration is no longer PCI Compliant.
Our records indicate your website is using a legacy Magento platform. Legacy Magento platforms have various security vulnerabilities and are no longer compliant with the Payment Card Industry Data Security Standard (“PCI DSS”). Pursuant to your Merchant Agreement with Braintree Payments, you are responsible for ensuring that your payment solution is in compliance with all card brand rules and regulations, including PCI-DSS.
We ask that you complete this upgrade no later than 30 days from this email.
Braintree is required to report your business as “High Risk” to the Card Brands and Regional Acquisition Banking Partners if you continue to process on Magento 1.x. Continuing to process on Magento 1.x will result in a funding hold or suspension of card processing.
Processing with a non-compliant integration can result in financial and operational penalties from the Card Brands that can significantly disrupt your business.
What Action Is Required?
You will need to migrate your e-commerce site to Magento 2 or to another platform as soon as possible. The following resources are available to guide you through the update process:
Follow the instructions on the Magento developer site to set up Braintree payment methods.
Alternate Ecommerce Platform
Please see our Partners page for a list of supported platforms.
How Does This Impact You?
Continuing to process with Magento 1.x puts your business at risk of the following:
Your site is operating as “non-compliant” for failure to adhere to PCI DSS Requirements 6.1 and 6.2
No new code upgrades or security patches will be provided
Your site may degrade and become unstable
Extensions or plug-in functionality may break or become unavailable
Exposure to security risks and increased likelihood of an account data compromise will result in the need to hire a PCI Forensic Investigator, for which you are financially responsible
The ‘Magento Commerce Software End of Support FAQ’ outlines the merchant responsibility:
“Once a version of Magento Commerce software is no longer supported, it falls out of PCI compliance, and it is your responsibility to re-certify compliance. Merchants may be subject to fines or removal of credit card processing ability if you are unable to update vulnerabilities from regular scans and penetration testing.”
It is vital that you update your integration as soon as possible to avoid any fines or disruptions in processing through your Braintree Gateway.
Please let us know if you have any additional questions.
-The Braintree Team
I know Magento 1 is dated, but surely there are others in the same boat?