A payment processing system receives a token from a user device. Based on the first token, the payment processing system establishes a second token that remains valid longer than the first token. The payment processing system then associates the second token with a user account identifier and establishes a rescue code for use in an offline user transactions. The payment processing system then communicates the second token and the rescue code to the user device. When the user engages in an offline transaction, the payment processing system receives the rescue code and the user account identifier from the merchant computing device. Based on the user account identifier received from the merchant computing devices, the payment processing system identifies the second token and verifies that the received rescue code matches the rescue code associated with the user account identifier. Based on the verification, the payment processing system authorizes the sales transaction.