Master's Thesis MSTR-2020-04

Bibliographic data
Wenzler, Nils: Security Analysis of the Web Payment APIs.
University of Stuttgart, Faculty of Computer Science, Electrical Engineering and Information Technology, Master's Thesis No. 4 (2020).
87 pages, English.
Abstract

The Web Payment APIs are a set of specifications by the W3C Web Payments Working Group that aim to offer a set of new and improved checkout mechanisms for the web. Thousands of online shops provide customers with nearly endless possibilities of buying products. Although they differ in their products and customers, they all share the need for a checkout process to obtain customer information and a corresponding financial transaction. As these specifications strive to become the new standard for web payments, security is a crucial aspect. In this work, we created an extended version of the Web Infrastructure Model by expanding it with the APIs and functionalities described in the aforementioned specifications of the Web Payment APIs. Within the model, we performed a formal security analysis which led to the discovery of a possible attack and additional vulnerabilities. We offered mitigations against this attack and said vulnerabilities and showed that the resulting model satisfies the modeled security properties. By doing so, we show that the resulting model guarantees that payments can only be performed in an authorized manner and that the integrity of the financial transactions is ensured. After making the Chromium team aware of the found attack, they implemented our proposed mitigation approach and released a patch that was already distributed to millions of devices at the time of writing.

Full text and other links: Full text
Department(s): University of Stuttgart, Institute of Information Security and Cryptography (ISC)
Supervisor(s): Küsters, Prof. Ralf; Würtele, Tim; Hosseyni, Pedram
Entry date: June 9, 2020