ZendFi runs layered fraud and compliance controls across payment creation, checkout, and submission. This page explains what users should expect, what can trigger additional review, and how to operate safely in production.

What ZendFi Protects Against

ZendFi risk controls are designed to reduce:
  • rapid payment abuse from a single wallet
  • high-velocity traffic from a single IP
  • unusual spend spikes over short windows
  • suspicious first-time high-value wallet behavior
  • payment flows involving sanctioned wallets at enforced checkpoints
To keep detection effective, ZendFi does not publicly disclose all rule internals or exact production thresholds.

How Risk Evaluation Works

Fraud and sanctions checks happen in multiple stages:

Stage 1: Payment creation

At creation time, ZendFi performs:
  • sanctions screening on the merchant wallet
  • blocked IP checks
  • fraud pre-check scoring for the current create request
Possible outcomes:
  • Allow: payment is created normally
  • Allow with review: payment is created with a manual-review marker
  • Block: request is rejected before payment creation

Stage 2: Checkout transaction build

Before a transaction is built, ZendFi screens the customer payer wallet for sanctions and re-evaluates fraud risk. This prevents high-risk transactions from advancing to the signature flow.

Stage 3: Submission gates

During both standard and gasless submission, ZendFi applies a fraud-score gate and a submit-time fraud re-check to prevent stale-risk bypasses.
The current implementation enforces sanctions checks at payment creation (merchant wallet) and transaction build (customer wallet). Submission-stage enforcement is fraud-based.

Risk Outcomes You May See

ZendFi can apply one of three actions:
| Outcome | What it means | Typical user experience |
| --- | --- | --- |
| Allowed | Low risk | Checkout proceeds normally |
| Flagged for review | Elevated but non-blocking risk | Payment is created as pending with a review flag |
| Blocked | High risk or sanctions hit | Request or submission is rejected |
A blocked response does not always mean malicious intent. It can also be a protective false positive. Merchants should have an escalation path for legitimate customers.

Sanctions Screening (OFAC)

ZendFi sanctions controls include:
  • in-memory wallet screening for fast lookups
  • daily background refresh from OFAC publication exports
  • optional compliance-managed seed list at startup for baseline protection
  • Use a compliance-approved startup seed list for sanctioned Solana wallets.
  • Keep daily refresh enabled.
  • Enable strict startup mode once your approved seed list is operational.
Sanctions list lifecycle and startup hardening controls are managed by ZendFi platform operations. Merchants do not need to configure OFAC environment variables in their integrations.

Merchant Best Practices

To reduce friction and false positives:
  1. Use realistic payment amounts and avoid unusual one-off spikes.
  2. Attach stable order metadata so support teams can investigate quickly.
  3. Keep customer checkout flows consistent (wallet, session, and network behavior).
  4. Retry responsibly with idempotency and clear UX when a payment is blocked.
  5. Define an internal review process for high-value or first-time customers.

Customer Messaging Guidance

When a payment is blocked or held for review, customer-facing copy should be clear and neutral:
  • avoid accusatory language
  • ask the customer to retry or contact support
  • provide a reference ID (payment ID) for faster resolution
Suggested support message:
“Your payment needs additional review for security checks. Please contact support with your payment ID.”

Operational Checklist

  • Monitor blocked and flagged payment rates.
  • Review recurring blocked wallets and IPs for abuse patterns.
  • Re-tune thresholds using observed false-positive and fraud-loss rates.
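
One way a merchant could run the first two checklist items, plus the false-positive half of the third, over their own payment records. This is an added example, not ZendFi code: the record fields, the `resolution` values, and the `recurring_min` cutoff are assumptions, and the sample data is constructed.

```python
from collections import Counter

FIELDS = ("payment_id", "wallet", "ip", "outcome", "resolution")
# Constructed sample export. Field names are assumptions, not a ZendFi schema.
# outcome: allowed | flagged | blocked (the three actions described on this page).
# resolution: the merchant's own verdict after review ("legit", "fraud") or None.
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("pay_001", "WalletA", "198.51.100.7", "allowed", None),
    ("pay_002", "WalletB", "198.51.100.7", "blocked", "fraud"),
    ("pay_003", "WalletB", "203.0.113.9", "blocked", "fraud"),
    ("pay_004", "WalletC", "198.51.100.7", "blocked", "legit"),
    ("pay_005", "WalletD", "192.0.2.44", "flagged", "legit"),
    ("pay_006", "WalletE", "192.0.2.45", "allowed", None),
    ("pay_007", "WalletF", "192.0.2.46", "flagged", None),
    ("pay_008", "WalletG", "192.0.2.47", "allowed", None),
]]

def recurring(records, key, minimum):
    """Values of `key` that appear in at least `minimum` blocked records."""
    counts = Counter(r[key] for r in records if r["outcome"] == "blocked")
    return sorted(v for v, n in counts.items() if n >= minimum)

def summarize(records, recurring_min=2):
    """Outcome rates, recurring blocked wallets/IPs, reviewed false-positive rate."""
    total = len(records)
    by_outcome = Counter(r["outcome"] for r in records)
    rates = {o: (by_outcome[o] / total if total else 0.0)
             for o in ("allowed", "flagged", "blocked")}
    # Only flagged or blocked payments that a human has resolved count toward
    # the false-positive rate; unresolved ones are excluded, not assumed legit.
    reviewed = [r for r in records
                if r["outcome"] != "allowed" and r["resolution"] is not None]
    legit = sum(1 for r in reviewed if r["resolution"] == "legit")
    return {
        "rates": rates,
        "recurring_blocked_wallets": recurring(records, "wallet", recurring_min),
        "recurring_blocked_ips": recurring(records, "ip", recurring_min),
        "false_positive_rate": legit / len(reviewed) if reviewed else None,
    }

if __name__ == "__main__":
    for name, value in summarize(SAMPLE).items():
        print(name, value)
```

A recurring blocked IP shared by several wallets, as in the sample, is worth separating from a single wallet retrying, since the two call for different follow-up.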

Need Help?

If your team needs help tuning fraud controls or compliance rollout, contact support with:
  • payment IDs affected
  • timestamps and environment (test or live)
  • expected customer behavior vs observed outcome