Evaluates code-level payment implementation security covering Stripe/payment provider SDK usage, client-side tokenization, webhook verification, fraud prevention patterns, and payment error handling.