We show you exactly how players exploit your systems — and what it costs you.
Cage Research simulates how players exploit loyalty and wallet systems — and the guest systems connected to them — to quantify real revenue loss.
What we test
Targeted assessments built around how money actually moves through casino and hospitality systems, grounded in operator-specific research rather than generic controls testing.
Loyalty & Wallet Abuse Assessment
Account enumeration, PIN and credential attacks, wallet manipulation, comp exploitation, and promotion abuse — with dollar-impact estimates for every path.
Mobile Key & NFC Attack Paths
Hotel lock bypass, badge cloning and relay attacks, BLE pairing exploitation, kiosk and terminal abuse vectors.
PMS & Check-in Attack Surface
Reservation manipulation, ghost bookings, check-in bypass, comp abuse via PMS inconsistencies and API flaws.
Full-Chain Attack Simulation
Casino floor → backend pivot. Player account → loyalty → comps → room. Device → BLE → internal network.
Built on operator-specific research, not generic consulting playbooks
Our tooling already models loyalty, reservation, mobile-key, and slot ecosystems across multiple operators and properties — before an engagement starts. We start closer to the money.
Cross-property account and wallet attack modeling
We map account formats, validation oracles, PIN paths, and wallet behavior across multiple operators — so a single weakness can be understood at vendor scale.
Reservation and mobile-key exploitation
Check-in state abuse, reservation manipulation, mobile-key issuance, and PMS-linked access paths are part of the same revenue story.
BLE, NFC, and slot interaction capability
Work spans on-property systems and the backend platforms they connect to — slot pairing, card emulation, device instrumentation, and floor-to-backend attack chaining in live environments.
Attack narrative, not vulnerability report
Every engagement produces an exec-readable exploitation story with real financial impact — not a CVSS dump. These are not single-property issues — the same patterns repeat across properties and shared platforms.
Enumerate valid loyalty accounts
Identify exposed endpoints and valid account identifiers at scale.
Take over or create synthetic accounts
Credential attacks, PIN brute force, or synthetic identity injection.
Manipulate wallet, comps, and free play
Exploit promotion logic, wallet balance flows, and comp issuance paths.
Convert to real-world value
Room nights, food credits, cash equivalents — quantified in dollars lost.
3-Page Executive Summary
Designed to make leadership act. Clear exploitation paths with estimated monthly revenue impact.
Step-by-Step Attack Path
Every finding documented as a narrative — how the attack works, what it costs you, and what to fix first.
Technical Appendix
Full proof-of-concept evidence and remediation guidance for your security and engineering teams.
See how the money moves.
We'll walk through real attack paths against systems like yours — no pitch deck, no sales call — just the walkthrough.
contact@cageresearch.com