1. Non-compliance with the Payment Card Industry Data Security Standards (PCI DSS)
PCI DSS is a global set of security standards adopted by the major card schemes to secure credit card data. All merchants accepting card payments have to be compliant with PCI DSS. You can validate your compliance by completing a Self-Assessment Questionnaire (SAQ) A; please see below for the definition. One of the requirements, applicable to all merchants, is that they have to install security patches within one month of release. As of June 30th, 2020, Magento 1 will no longer receive security updates, so merchants can no longer comply with this requirement and are consequently no longer compliant with PCI DSS. Non-compliance can result in fines from the schemes of between 10,000 and 25,000 EUR per month.
2. Potential data breach
We believe that internet criminals may target Magento 1 users after June 30th, 2020 to exploit any perceived security weaknesses. On average, 60% of merchants who suffer a cyberattack are out of business within six months due to fines and costs incurred (Source: U.S. National Cyber Security Alliance). If they survive, the damage to their brand and reputation could be long-lasting.