# Payment Module — Manual Review Checklist

## Callback Idempotency
- [ ] Is payment callback idempotent? (duplicate notification won't double-charge)
- [ ] Idempotency key sourced from payment provider's transaction ID
- [ ] Idempotency check happens before any state change

## Amount Precision
- [ ] All monetary amounts use integer cents or decimal with fixed precision
- [ ] No floating-point arithmetic in payment calculations
- [ ] Rounding strategy defined and consistent (round half up vs floor)

## Reconciliation
- [ ] Reconciliation logic matches payment provider's settlement model
- [ ] Discrepancy thresholds defined (when to auto-adjust vs flag for manual review)
- [ ] Reconciliation runs are idempotent

## Refund State Machine
- [ ] All refund states defined (pending, processing, completed, failed)
- [ ] Transition rules enforced (can't refund a refunded payment)
- [ ] Partial refund logic correct (remaining refundable amount tracked)

## Third-Party Timeout
- [ ] Payment provider timeout handled (request timed out ≠ payment failed)
- [ ] Retry strategy for querying payment status
- [ ] Circuit breaker or backoff for provider outages