These two processes should not be allowed by a user under any circumstances due to the significance of the fraud risk. This would allow the ability to update any of the Payment settings prior to processing a payment. The setting could then be reset to the original value and since the form audit information is based on the form and not the field, it would be impossible to know which value was changed.