Are Card-On-File (COF) transactions using a tokenised card exempted from SCA once one has registered at the merchant?

No, COF transactions are considered e-commerce transactions and would require SCA, except in any cases where an exception can be applied to them.


A COF transaction is a transaction in which the merchant makes use of the cardholder's data (PAN or tokenised PAN and expiry date), concerning which the cardholder has granted the merchant explicit consent to store the data and to use them for this and subsequent transactions.


Thanks to tokenisation your card's actual number will not be used to make the payment. Instead, it will be replaced by another numerical code that will be used to make the payment transaction.


Return to frequent questions on PSD2 for stores

For Unicaja Banco S.A., the holder of the web page, it is important to adapt to your tastes and preferences, for which we use own and third-party cookies, that gather connection data that may be linked to your registration user name, the purpose of which is to measure traffic and user interaction with the web page, to help to improve operation of the web content, as well as the services and products offered, preparing behaviour profiles, while always protecting your privacy. You may transparently choose the configuration that suits you best, without that causing any change in your usual operations.