Prevent double spending through retry

[crowgames]

Reading the specification, I wonder how a payment handler would be able to prevent double spending when a user issues a Payment Request retry().

As of my understanding, a Payment Handler probbably triggers a payment after receiving a PaymentRequestEvent.
Through the retry, a second PaymentRequestEvent is triggered, which is identical to the first one. For an unaware Payment Handler this would lead to double spending.

In case of switching Payment Method/Handler through a retry, the first Payment Handler stays unaware of the retry mechanism and the second one is unaware of this being a retry.
Which would lead to double spending as well, wouldn't it?

Am I missing something in this interpretation of the specifications?
Is there a way of the PaymentHandler to detect a retry or deal with this issue in general?

[ianbjacobs]

Hi @crowgames,

The paymentRequestId attribute should help. It is set to the (unique) id of the payment request [1]. So the payment handler should be able to know that this is the same transaction.

Let me know if this would work for your use case.

Ian

[1] https://www.w3.org/TR/payment-request/#id-attribute

[crowgames]

Thanks for your reply @ianbjacobs!
What if a user changes the payment handler though?
If I my first request is to Handler A and the second (through retry) is to Handler B, the request ID does not help, since both A and B only observe it once.
Thanks in advance for the clarification!

[marcoscaceres]

A user cannot switch payment handlers during retry. One can only change the things being retried (eg. new credit card expiry date).