What Time Is It?
Consider the implementation of time-of-day requirements for payment processing. For example, 9-to-5 hours in your particular time zone could be an effective parameter, or you may choose to somewhat expand that to accommodate offices in other time zones. But in most cases, there is an opportunity to restrict access during the middle of the night. Many exploits occur after working hours and could be mitigated through the use of policies that prohibit funds transfers prior to human review.