diff --git a/src/osdp_cp.c b/src/osdp_cp.c
index f7a6ec0c..faf8d903 100644
--- a/src/osdp_cp.c
+++ b/src/osdp_cp.c
@@ -639,6 +639,10 @@ static int cp_decode_response(struct osdp_pd *pd, uint8_t *buf, int len)
 		ret = osdp_file_cmd_stat_decode(pd, buf + pos, len);
 		break;
 	case REPLY_CCRYPT:
+		if (sc_is_active(pd) || pd->cmd_id != CMD_CHLNG) {
+			LOG_EM("Out of order REPLY_CCRYPT; has PD gone rogue?");
+			break;
+		}
 		if (len != REPLY_CCRYPT_DATA_LEN) {
 			break;
 		}
@@ -654,6 +658,10 @@ static int cp_decode_response(struct osdp_pd *pd, uint8_t *buf, int len)
 		ret = OSDP_CP_ERR_NONE;
 		break;
 	case REPLY_RMAC_I:
+		if (sc_is_active(pd) || pd->cmd_id != CMD_SCRYPT) {
+			LOG_EM("Out of order REPLY_RMAC_I; has PD gone rogue?");
+			break;
+		}
 		if (len != REPLY_RMAC_I_DATA_LEN) {
 			break;
 		}
diff --git a/src/osdp_pd.c b/src/osdp_pd.c
index 779a2906..b1e31cb4 100644
--- a/src/osdp_pd.c
+++ b/src/osdp_pd.c
@@ -621,7 +621,7 @@ static int pd_decode_command(struct osdp_pd *pd, uint8_t *buf, int len)
 		if (sc_is_active(pd)) {
 			pd->reply_id = REPLY_NAK;
 			pd->ephemeral_data[0] = OSDP_PD_NAK_SC_COND;
-			LOG_WRN("Out of order CMD_SCRYPT; has CP gone rogue?");
+			LOG_EM("Out of order CMD_SCRYPT; has CP gone rogue?");
 			break;
 		}
 		memcpy(pd->sc.cp_cryptogram, buf + pos, CMD_SCRYPT_DATA_LEN);