receiving, by an Encrypted Personal Identification Number (PIN) Pad (EPP) of a terminal, a card reader authorization request to authorize a card reader of the terminal for operation, wherein the card reader authorization request is initiated by the card reader upon each power-on sequence and provided to the terminal each time the card reader is powered on for operation with the terminal, wherein the EPP and the card reader are integrated within the terminal as integrated peripheral devices of the terminal, wherein the terminal is an automated teller machine or a self-service terminal, wherein the EPP and card reader are separate and independent peripherals of the terminal;

processing, by the EPP, cryptographic operations on card reader data including validating a cryptographic token associated with the card reader; and

sending, by the EPP, an authorized message or a rejected message back to the terminal to authenticate or to reject the card reader for operation within the terminal based on the processing, wherein the rejected message is provided back to the terminal when the card reader authorization request is generated by the card reader more than once a single day, and wherein the processing further includes verifying the cryptographic token against a previously issued token by the EPP, wherein the cryptographic token is encrypted with a symmetric key stored only on and accessible only from the EPP.