The way to get around this if you absolutely want to be able to disable a clients site for none payment is to have the code call out to an authorization server that you control. In which case you can shut down authorization on your own system for non-payment. This is akin to a dongle and is legal.
In saying that upon payment it is a good idea to have a routine that kills the check to your server as an authorization check that fails in production could shoulder you with a good deal of liability.
In saying that upon payment it is a good idea to have a routine that kills the check to your server as an authorization check that fails in production could shoulder you with a good deal of liability.