What happens to my PCI compliance after June 2020?

In information recently shared with acquirers, the card brands (such as Visa) express concerns regarding Magento 1 EOL and stress that urgent action is required. The card brands request that acquirers encourage their merchants to migrate to a vendor-supported version or an alternate platform.

With respect to PCI DSS compliance, the card brands state that failing to migrate a Magento 1 ecommerce website by June 2020 will cause the merchant to fall out of PCI DSS compliance. This is because the merchant will no longer be able to comply with "Requirement 6: Develop and maintain secure systems and applications by installing applicable vendor-supplied security patches". The card brands conclude that, in the event of a breach, SME merchants will no longer meet the qualifying criteria for the payment forensic investigation (PFI) ‘Lite’. Instead, they will be expected to hire an external PCI forensic investigator to carry out a full PFI investigation, which is costly and time-consuming. PCI forensic investigators can be found here.

This information holds true irrespective of the merchant's acquirer or PSP.