Secure Payment Confirmation - False Positive match

This is a test website. Nothing is charged.

This demo tests the 'false positive' corner case in SPC when a user-agent is using a local browser-cache of credential IDs. By creating a discoverable credential first with the payment extension set, and then overriding it with the same user.id but without the payment extension, the SPC layer is tricked into thinking that the credential still exists.

Availability and use of proper OS-level credential store APIs fixes this problem.

This demo will not function on platforms that lack support for discoverable credentials (e.g., Android).