We've implemented approach in which users record the terms of future transaction to blockchain before assets settlement and commit to these terms by signing the transaction with their private keys. This allows manipulations with users assets to be avoided, but means that users need to confirm the following transactions:
1) Order creation in the blockchain
2) Approval of transfer to the ERC20 token contract
3) The actual settlement of assets to the contract.