User permissions / security for enabling payments