Best-in-class PMS security 

Keep your guest and property data secure

Prevent cyberattacks, avoid data breaches and increase guest loyalty with enterprise-grade security features. At Mews, our ongoing commitment to data privacy and security is embedded in every part of our business.

security-Mews-v5

Why choose Mews for security 

Microsoft partnership

Mews builds on strong security guarantees and SLAs from Microsoft.

Compliance

Industry certifications ISO 27001, PCI-DSS Level 1, SOC 2 Type 2 and GDPR compliant.

Data privacy

We comply with the GDPR and give guests control over their personal data.

Disaster recovery

Four levels of database backup keep your guest and property data covered.

The state of hospitality security 

Guest loyalty and trust are already a struggle, and the current state of security (or insecurity) adds to the challenge. 

31%

Of hospitality organizations
reported a data breach*  

*2023 Hospitality Sector Threat Landscape by Trustwave 

$4.4M

Global average cost of a data
breach 2023*

*IBM Cost of a Data Breach Report 2023

$1.76M

Average savings from security AI
and automations* 

*IBM Cost of a Data Breach Report 2023

Mews-security-body-1

Manage user access with ease

When more people are granted access to sensitive data, the risk goes up. Stay secure as you scale with our Identity Access Management features which simplify user management across multiple properties and devices.

card-key-icon

Single Sign On 

Say goodbye to passwords on sticky notes. Give your staff members a secure way to log in to all authorized tools using one set of credentials you control. 
customer-add-icon

SCIM user provisioning and deprovisioning

Grant or revoke access automatically when staff start or leave. Increase onboarding and offboarding security and boost consistency across all properties.
tick-circle-icon

Two-factor authentication

2FA provides an added layer of protection against unauthorized access to sensitive information and data breaches from hackers.  
refresh-icon

Automatic updates

Stay protected against emerging threats with regular automatic updates and patches to the platform.
list-check-icon

99.9% uptime

Our SLA guarantees a 99.9% uptime and in the past 12 months we’ve averaged 99.97%.
Mews-security-image-2
Mews-security-image-3
Reliable and proactive

Platform security you can trust

azure mews

Built on Microsoft Azure

Along with the security guarantees and SLAs from Microsoft and utilization of their multi-geography data centers, having a cloud-based (and native) platform minimizes the surface exposed to potential attacks. If an attack were to occur, automatic and continuous data backup allow for rapid restoration.

Mews-security-image-5

Continuous security testing

To bolster system security, parts of our system continuously undergo penetration testing by a third party, looking for risks or weaknesses in the security, before they can be hacked. Additionally, we have established a Bug Bounty Program to leverage a community of ethical hackers for continual testing and disclosures. We also go through audits, certifications, due diligence processes and pen tests.

Mews-security-v9

Compliance and certifications

To give you and your guests peace of mind, Mews meets industry standards and best practices in safeguarding sensitive data – we are GDPR, ISO27001, NF525, PCI DSS and SOC 2 Type 2 compliant. Our policies and processes are designed to meet the stringent standards of security and privacy certifications, prioritizing your privacy and data security at every step.

Payments data protected

Embedded into the platform, Mews Payments is fully compliant with global industry standards to safeguard cardholder data security.

security-icon

Tokenization 

To protect guest payment details, they are tokenized and then safely stored to limit the cardholder data in the environment. For extra protection some regions or property settings may need to verify identity with 3D Secure or 2-factor authentications.

credit-card-icon

P2PE

Point-to-Point Encryption (P2PE) is a way to keep cardholders’ information safe by encrypting it from the start to the end of the transaction. Mews Terminals use P2PE to make sure card data is secure.

wallet-icon

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is a global set of rules designed to protect account data. Our rigorous adherence is reflected in our certified track record, ensuring that the annual independent compliance audit is passed.

credit-card-tick-icon

PSD2

Payment Service Directive (PSD2) is a set of rules for payment services and providers in the EU and EEA to follow to protect customers. Mews Payments follows these rules and uses 3D Secure to make sure customers are who they say they are.

Disaster recovery

Four levels of database backup mean we can get your data restored and back to you – with no loss of information.  

Local high availability cluster

Two identical replicas of the database are stored so that we can retrieve the second one in the case of an incident.

Point in time restore

If needed, we’re able to restore a complete database to a particular point in time – even up to 35 days back.

Daily snapshots

Every day, we take a snapshot of the primary database using the point-in-time restore capability to another backup server.

Giving guests
control

Guests can manage their personal data, request profile deletion and select which data can be shared with the property.

Mews-security-image-7

Learn more

We are fully transparent when it comes to our security practices. Visit our resources to find out more.

Mews Trust Center

Security posture and documentation access request. 

Mews Status

Information on performance and historical uptimes.

Mews Privacy Policy

How Mews collects, processes, and protects personal data. 

More on security

1/4

Make it remarkable.

Ready to take the first step towards a more efficient, flexible, guest-centric approach to hospitality?

FAQs

Does Mews provide information security training for staff?

All staff undergo regular security and compliance training and optional technical events throughout the year to maximize security skills and awareness.

Is your security posture information publicly available? 

It is – visit the Mews Trust Center to learn about our security posture (including compliance, infrastructure and data privacy) and Mews Status for our transparent, proactive uptime monitoring.

Do you maintain an up-to-date register of all your IT devices? 

Yes, we do – it's part of our IT asset management process.

Why is secure user management critical for hospitality businesses? 

Verizon reports that 74% of all data breaches involve the “human element”, meaning human errors, privilege misuse, use of stolen credentials or social engineering.

Because hospitality businesses collect and process sensitive customer data, including names, addresses, email addresses, phone numbers and credit card information, they are a common target of cyberattacks.

To mitigate the security risks of the human error, Mews offers advanced user management features to protect your guest and property data, including:

  • Two-factor authentication (2FA),
  • Single Sign On (SSO),
  • SCIM user provisioning and deprovisioning.

What is Single Sign On? 

Single sign-on (SSO) is an authentication scheme that allows users to log in with a single set of credentials and access multiple related, yet independent, software systems without re-entering authentication factors.

What is SCIM User Provisioning?  

SCIM User Provisioning is the process of creating and removing user accounts, ensuring efficient onboarding and offboarding procedures which is critical to good security practices. Because access is granted on role level, SCIM User Provisioning helps limit overprivileged users so they have just the right amount of access to perform their jobs.