Cryptographic function errors always need to result in rejection. It is also useful to log (associated with the user's identity if possible) and flag these as possibly malicious activity for further analysis, or as input for application intrusion detection systems.

NB: Unlike other cards in this suit, CR 5 assumes that cryptographic functions are in place, however they do not correctly respond to errors.