Trigger
Use this runbook for failed payments, duplicate payment risk, webhook failures, wallet balance mismatch, Apple Pay issues, or provider integration errors.
| Step | Action | Owner | Evidence | Status |
|---|---|---|---|---|
| 1 | Stop and classify the incident as financial-impact risk until confirmed | Incident Commander | Incident note | TBD |
| 2 | Identify affected payment provider, endpoint, and time window | Backend / Payments | Provider and endpoint evidence | TBD |
| 3 | Check whether duplicate transaction or webhook was processed | Backend / Payments | Transaction and log evidence | TBD |
| 4 | Compare provider record with internal wallet/payment record | Finance / Backend | Reconciliation evidence | TBD |
| 5 | Check Sentry and Laravel logs for payment exceptions | Backend | Sanitized evidence | TBD |
| 6 | Decide whether to disable affected payment flow temporarily | Incident Commander / Product | Decision record | TBD |
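
Steps 3 and 4 above can be run as a scripted check over exported, sanitized records. The following Python is an added example, not part of the original runbook or the application's code; the record layouts, field names (`txn`, `event`, `amount`, `status`) and sample IDs are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample data (not from any real provider). Amounts are integers in
# minor units to avoid float rounding. No card data is needed or included.
PROVIDER = [
    {"txn": "ptx_1001", "amount": 5000, "status": "succeeded"},
    {"txn": "ptx_1002", "amount": 1200, "status": "succeeded"},
    {"txn": "ptx_1003", "amount": 750, "status": "succeeded"},
    {"txn": "ptx_1004", "amount": 300, "status": "failed"},
]
WEBHOOKS = [  # events the application recorded as processed
    {"event": "evt_a", "txn": "ptx_1001"},
    {"event": "evt_b", "txn": "ptx_1002"},
    {"event": "evt_b", "txn": "ptx_1002"},  # same event processed twice
]
LEDGER = [  # wallet credits keyed by provider transaction ID
    {"entry": 1, "txn": "ptx_1001", "amount": 5000},
    {"entry": 2, "txn": "ptx_1002", "amount": 1200},
    {"entry": 3, "txn": "ptx_1002", "amount": 1200},  # duplicate credit
    {"entry": 4, "txn": "ptx_1004", "amount": 300},  # credit for a failed payment
]

def reconcile(provider, webhooks, ledger):
    """Return {provider transaction ID: [findings]} for steps 3 and 4."""
    findings = defaultdict(list)
    # Step 3: a webhook event recorded more than once was reprocessed.
    seen = Counter((w["event"], w["txn"]) for w in webhooks)
    for (event, txn), n in seen.items():
        if n > 1:
            findings[txn].append(f"webhook {event} processed {n} times")
    credits = defaultdict(list)
    for row in ledger:
        credits[row["txn"]].append(row["amount"])
    # Step 4: compare the provider record with what the wallet ledger credited.
    for p in provider:
        txn, amounts = p["txn"], credits[p["txn"]]
        expected = p["amount"] if p["status"] == "succeeded" else 0
        if len(amounts) > 1:
            findings[txn].append(f"{len(amounts)} ledger entries for one transaction")
        if sum(amounts) != expected:
            findings[txn].append(f"credited {sum(amounts)}, provider expects {expected}")
    for txn in credits.keys() - {p["txn"] for p in provider}:
        findings[txn].append("ledger entry with no provider record")
    return dict(findings)

if __name__ == "__main__":
    for txn, notes in sorted(reconcile(PROVIDER, WEBHOOKS, LEDGER).items()):
        print(txn, notes)
```

An empty result for the affected time window is the kind of output that can be attached as reconciliation and idempotency evidence.
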
Required Evidence
| Evidence | Notes |
|---|---|
| Provider transaction ID | Do not expose sensitive card data |
| Internal payment record | Include status and timestamp |
| Wallet ledger record | Required if wallet balance changed |
| Webhook log | Required for duplicate or missing webhook |
| Idempotency evidence | Required before closure |
Closure Criteria
- No duplicate financial impact exists, or it has been corrected and approved.
- Provider records and internal records are reconciled.
- Affected users are identified if support communication is needed.
- Root cause and preventive action are documented.