If you run your website on Magento 1 after June 2020, you can be exposed to a number of risks, such as:
1. Non-compliance with the Payment Card Industry Data Security Standards (PCI DSS)
PCI DSS is a global set of security standards adopted by the major card schemes to secure credit card data. All merchants accepting card payments have to be compliant with PCI DSS. One of the requirements, applicable to all merchants, is that they have to install security patches within one month of release. As of June 30th, 2020, security updates for Magento 1 will no longer be released, so merchants can no longer meet this requirement and are therefore no longer compliant with PCI DSS. Non-compliance can result in fines from the schemes of between 10,000 and 25,000 EUR per month.
2. Potential data breach
Ecommerce sites will be more exposed to security risks and face an increased likelihood of an account data compromise due to the lack of security upgrades. On average, 60% of merchants who suffer a cyberattack are out of business within six months due to fines and costs incurred. (Source: U.S. National Cyber Security Alliance). If they survive, the damage to their brand and reputation could be long-lasting.
In the event of a breach, small and medium-sized enterprise (SME) merchants continuing to use Magento 1 will no longer meet the qualifying criteria for the payment forensic investigation (PFI) ‘Lite’ and will be expected to hire an external PCI forensic investigator to carry out a full PFI investigation, which is costly and time-consuming.
Without any upgrades or security patches, Magento 1 ecommerce sites may degrade and become unstable. Moreover, extension or plug-in functionality may break or become unavailable.
Lastly, over time, Magento developers will only be familiar with Magento 2.