Techniques described herein are directed to embedded card reader security. In an example, personal account number data read from a payment instrument may be temporally and/or spatially separated from personal identification number data utilized to complete a payment for products. Temporal separation may include removing the personal account number data from a merchant device prior to request personal identification number data. Spatial separation may include utilization of trusted execution environments, separated embedded card reader applications, intermediary applications, and/or trust routines, for example to enable different components of a merchant device, and/or components of other devices and systems to handle personal account number data and personal identification number data.