Access control readers are the first line of defence for organizations to restrict access to their facilities to the people who are supposed to be there. Such readers represent a major investment for organizations and are replaced every 7–10 years. The choice of reader and credential made at the time the system was designed and installed may be vulnerable to an array of attacks, such as credential cloning and data transmission exploits, which would allow a threat actor to pass through an entrance undetected. Once the threat actor has entered the building, the people and/or assets that the organization are responsible for are at risk. Access control readers have a number of interfaces based on different technologies that may be attacked to learn more about the configuration and other features of the device. This information may then be used to craft an attack on a real system. To the best of our knowledge, this is the first paper that outlines the various technologies incorporated into these products and draws upon this data to present the first model of the contemporary access control reader. The model is then further developed by considering the cybersecurity implications of each of the technologies found in an access control reader. Finally, based on known attack vectors, the model may be used as a risk assessment framework for readers and credentials. From this foundation, a series of further research topics are then proposed.