Admin area Using the admin interface and managing screening results, settings, and logs. Dashboard PUQ Sanctions Checker module WHMCS Order now | Download | Community Addons → Sanctions Checker → Home — the operational overview of the module. Statistics cards Card Meaning Clients total All clients in WHMCS. Clients checked Clients that have at least one screening result. Matches Clients currently matching sanctions lists — the red alert on top links straight to the filtered list. Clean Clients checked with no findings. Entries: Canada / EU Number of sanctions list entries in the local database. Sanctions sources panel Shows the time of the last list synchronization. Sync sanctions lists now downloads the enabled OpenSanctions mirrors immediately (the daily cron does the same automatically). Last mass check panel Shows the last mass check time and the number of checks pending in the queue. Check all clients now starts a mass check: with Queue the mass check enabled (default) the clients are added to the queue and the cron processes them within minutes; with the queue disabled the check runs in your browser in batches with a progress bar. Database panel Check database tables verifies all module tables and creates any missing tables or columns (useful after a module update). It is non-destructive — nothing is ever dropped — and displays a per-table report (created / altered / unchanged). Screening results PUQ Sanctions Checker module WHMCS Order now | Download | Community Addons → Sanctions Checker → Clients — every client that has been screened, with the full match details. Filters All / Matches / Clean / Verified — one click switches the view. Matches is where the daily review happens; Verified lists clients an admin has marked as reviewed false-positives. Columns Column Meaning Client Name and company, linked to the client profile. Status MATCH (red) / CLEAN (green); a green VERIFIED badge appears next to it for verified clients (hover it to see who verified and when). Score The highest match percent (see How the matching engine works). Matches Every matched list entry: source (ca_dfatd, eu_fsf, csl:…, blocked_country), matched name, score. The external-link icon opens the OpenSanctions entity profile so you can see exactly who the client was compared with. Ticket The support ticket opened for this match. Checked At Time of the last check. Row actions Recheck — re-screens the client immediately (always real time, never queued). Mark as Verified — appears on matched clients; see Client profile panel & verification. Remove Verification — appears on verified clients. Client profile panel & verification PUQ Sanctions Checker module WHMCS Order now | Download | Community On every admin client page (Summary, Profile, Services, Invoices, …) the module injects a compact panel with the current screening state. Everything on it works via AJAX — no page reloads. When the client matches The panel shows the MATCH badge with the number of matches, the best-scoring matched name with its percent, a link to the opened ticket, and the check time. Check Now — re-screens the client immediately; when matches are found, the details modal opens automatically. Mark as Verified — the false-positive workflow (see below). View All Data — the full details modal. View All Data Each local-list match links to its OpenSanctions entity profile (aliases, birth dates, sanction programs) — open it to visually confirm whether your client is really the listed person. When Fraud Check is enabled, the same modal also shows the raw FraudRecord / IPQualityScore data. Verification (false positives) A clean client can share a surname with a listed person and would be flagged on every re-check. After reviewing the details, click Mark as Verified: A verified client: is skipped by all automatic checks — cron, mass check, registration, and order triggers; gets no tickets, status changes, or group moves, even from a manual re-check; can still be re-checked manually at any time; loses the verification automatically when the client changes profile data — the check then runs again in full. The module records who verified the client — first name, last name, login, and email of the admin are stored as a snapshot (not a reference), so the information survives even if the admin account is later deleted: Remove Verification puts the client back under automatic screening. Every verify/unverify action is written to the module log and the WHMCS activity log. Fraud Check on the panel With Fraud Check enabled the same panel shows the FraudRecord score, IP fraud score, and email leak status with their own Fraud Check Now and Send Report buttons — see Configuration → Fraud Check. List entries browser PUQ Sanctions Checker module WHMCS Order now | Download | Community Addons → Sanctions Checker → List Entries — everything the module downloaded from the OpenSanctions mirrors, so you can verify what exactly your clients are compared against. Search — live search by name, alias, country code, or entity ID (400 ms debounce). Source filter — all sources / Canada (DFATD-SEMA) / EU (FSF); the counter on the right shows the total. Columns — source badge (CA/EU), entity type (Person / Organization / LegalEntity), primary name, aliases (hover for the full list), birth date, countries, and the import time. 50 entries per page with Previous/Next paging. The data refreshes automatically with the daily cron; Sync sanctions lists now on the Home page forces an immediate refresh. Log PUQ Sanctions Checker module WHMCS Order now | Download | Community Addons → Sanctions Checker → Log — the audit trail of everything the module does (last 500 entries). Event Meaning sanctions_check A client was screened: context (manual / register / edit / order / mass / cron), result, number of matches, max score. ticket_opened A support ticket was created for a match. ticket_skipped No ticket was created — the reason is spelled out (an earlier ticket is still open, or no department is configured). ticket_error The ticket API call failed — the full response is logged. whitelisted / whitelist_removed / whitelist_reset Verification set by an admin / removed by an admin / dropped automatically because the client changed profile data. client_updated Status change / group move applied on a match. list_sync Sanctions lists downloaded (per-source entry counts and errors). mass_check A mass check ran or was queued. queue_processed A cron tick processed a portion of the check queue. check_error A queued or batched check failed for one client. configuration_saved / schema_check Settings saved / database schema verified. Client numbers link to the client profile. Configuration — Sanctions sources PUQ Sanctions Checker module WHMCS Order now | Download | Community Addons → Sanctions Checker → Configuration → Sanctions sources. All settings are saved with the green Save Changes button; only the license key lives in Setup → Addon Modules. Local lists (OpenSanctions mirrors) Official government sanctions lists mirrored by the OpenSanctions project as clean machine-readable files (~2 MB each). No registration or API key required. The files are imported into your database and matching runs locally — no client data leaves your server. Synchronized daily by cron. Matching engine Setting Default Description Full name match threshold 85% Similarity of the whole name required to report a match. Enable trigram matching + threshold on / 65% 3-letter-chunk comparison, catches typos and letter swaps. Trigram minimum name length 6 Trigrams run only when both names have at least this many letters — short names would match randomly. Enable per-word matching + minimum words on / 1 Only the surname or a company word can trigger a match; a first-name-only hit never flags. Minimum 1 flags surname-only matches (with a lower score); 2 requires first + last name. Word similarity threshold 85% How similar two words must be to count as a pair (catches Ivanov / Ivanoff). The methods are explained in detail in How the matching engine works. US Consolidated Screening List API Real-time fuzzy search against 11 US lists (OFAC SDN, BIS Entity List, State Department). Get a free API key at the ITA API portal; results below CSL minimum match score (default 90) are ignored. Client names are sent to trade.gov over HTTPS. Blocked countries Comma-separated ISO-2 country codes (e.g. RU,BY,IR,KP,SY,CU). The country from the client profile is compared against this list; a match is reported with score 100. Configuration — Check triggers & queue PUQ Sanctions Checker module WHMCS Order now | Download | Community Addons → Sanctions Checker → Configuration → Check triggers — when checks run automatically. Check triggers Setting Description Check on client registration Screen every new client (ClientAdd). Check on client profile update Re-screen when the client changes profile data (ClientEdit). This also drops the Verified flag — see verification. Check on order checkout Screen on every order checkout. Run trigger checks on the next cron (queue) Applies to the three triggers above ONLY. Instead of checking during the client's request — which can be slow and cause timeouts when external APIs are enabled — the client is added to the queue and checked by the cron within a few minutes. Manual checks always run in real time. Periodic mass check Setting Default Description Periodic mass check (cron) Disabled Disabled / Daily / Weekly / Monthly re-check of the client base. Sanctions lists change constantly — a weekly or monthly re-check is recommended. Clients to check in mass check Active only Active clients only, or all clients. Queue the mass check on The mass check (Home-page button and the schedule) adds clients to the queue; the cron drains it in portions. Recommended for large client bases. Queue items processed per cron run 50 Portion size per cron tick (~5 minutes). Lower it when the CSL API is enabled. Verified clients are excluded from the mass check automatically. How the queue works internally is described in Cron automation & check queue. Configuration — Actions on match PUQ Sanctions Checker module WHMCS Order now | Download | Community Addons → Sanctions Checker → Configuration → Actions on match — what happens when a check finds a match. Support ticket Setting Description Open a support ticket Master toggle. One ticket per client: while a sanctions ticket is open, repeated checks do not create duplicates. If the ticket was closed and the client still matches later, a new ticket is opened. Support department Where the ticket is created. Ticket subject / message Your own templates with merge fields: {client_id}, {client_name}, {client_company}, {client_email}, {client_country}, {matches}, {date}. A real ticket produced by the module — {matches} expands into the full list with sources, scores, and the method that matched: Client actions Setting Description Set client status Optionally set the client to Active / Inactive / Closed on a match. Leave empty to keep the status unchanged. Move client to group Optionally move the client into a chosen client group (handy for a "Sanctions review" group). Leave empty to keep the group. Both actions are applied on every check that finds a match — but never for verified clients. Every action is written to the log (client_updated, ticket_opened, ticket_skipped with the reason). Configuration — Fraud Check PUQ Sanctions Checker module WHMCS Order now | Download | Community Addons → Sanctions Checker → Configuration → Fraud Check — the built-in fraud screening via FraudRecord and IPQualityScore. Services FraudRecord (register free) — a shared database of abuse reports from hosting providers. Client data is hashed locally before it is sent, so no plain-text personal data leaves your server. Create a reporter profile to get an API key. IPQualityScore (create account) — scores the client's IP for proxy/VPN/fraud risk and checks whether the email address appears in leaked databases. The free plan includes monthly lookup credits. Master toggle and triggers Setting Description Fraud check enabled Master toggle; at least one service with an API key must be enabled. Fraud check on registration / profile update / order checkout The same trigger events as the sanctions checks, controlled separately. With the check queue enabled for triggers, fraud checks are queued too. Where you see the results The client profile panel shows Fraudrecord: 0-0-0 | Fraud IP: 0% | Fraud Email: NO badges (red = findings), a Fraud Check Now button, and Send Report — a form (fraud type, level 1–10, free text) that submits an abuse report to FraudRecord and/or IPQualityScore. Raw API responses are available in the View All Data modal.