If I were evil and had physical access to these payment systems I’d start by doing the obvious of changing passwords and install backdoors so I’d have permanent access. Then I think I’d start encrypting the database of payees to guarantee complete irreversable control over who gets paid.

But I’m not evil and don’t have access, just playing devil’s advocate.

Well, it’s somewhat color dependent.