In November 2015, Magento made two announcements.

The first was that Magento 2.0 was available for general release.

The second was that Magento 1.x was being sunsetted.  This was subsequently extended from November 2018 to June 2020.

And, nearly 5 years on, you can understand why Adobe Magento is unwilling to further extend the Magento 1 End-of-life date.

But where does this leave merchants who are running their online businesses on Magento 1?


Whilst Magento 1 will continue to function after this date (there will be no ‘millennium bug’ effect happening at midnight), Magento will no longer support the platform, meaning there will be no fixes or security patches released after this date.

Most important, however, is the fact that merchants on Magento 1 will no longer be PCI compliant.

However, you only need to do some light research using search engines to see that there have been many security issues with the platform over the years, whilst it was being supported.

Payment Card Industry Data Security Standards (abbreviated as PCI DSS) are global standards set by major card providers (American Express, Discover, JCB International, MasterCard and Visa) and are applicable to any merchant – online and offline – who processes payments.

The main requirement merchants on Magento 1 will fail to meet is called Requirement 6.


PCI DSS requirement 6 requires merchants to ‘Develop and maintain secure systems and applications’.

Straight away, by running an ‘application’ (Magento 1) which is not being supported with security patches, etc., the merchant is in breach of Requirement 6, and therefore is not PCI compliant.

Visa recently issued a document with advice to merchants accepting Visa card payments, in which it urged them to address the issue by migrating away from M1 to avoid falling out of PCI DSS compliance [1].


There are several consequences of non-compliance with PCI DSS, which include:

  1. fines ranging from £3,000 to £60,000 ($5,000 to $100,000)
  2. higher merchant processing fees
  3. possible bans from accepting credit/debit cards


PCI compliance isn’t the only issue merchants need to address.

Failure to maintain an up-to-date platform and ensure any security flaws are fixed can leave the door open for potential security issues such as breaches and hacks.  Data breaches can also have wide-ranging consequences and create additional problems for merchants.

Finally there is brand reputation and trust, which is one of the hardest things to maintain and get back.  If the worst should happen and a website falls victim to a data or security breach, customers will lose trust in the website and will be very unwilling to return, meaning a loss of revenue to the business.


There are solutions available for merchants running Magento 1 after the official end-of-life date of 30 June 2020 with developers taking on the support of M1, but ultimately this is just kicking the can down the road.

Magento 1 is an old platform and the latest ecommerce platforms offer not just improved performance but features and functions which meet current consumer trends and needs.


I cannot stress enough the importance of merchants on Magento 1 migrating away from the platform before the end-of-life date, to avoid falling out of PCI compliance and to avoid possible security breaches which could have detrimental effects on the business and on the trust placed in the website by consumers.

A standard migration to Magento 1’s successor will take months and be expensive, with development and customisation costs running into the tens of thousands.  Unfortunately, a move from M1 to M2 cannot be achieved with a turnkey ‘update’ process.

And this is where SaaS platforms that offer faster time to market and lower development and infrastructure costs really demonstrate their value and advantage.

by Luigi