Why Bubblehouse self-referrals slip through on Shopify (and what catches them)

Same address, three emails, three "referrals"

A buyer joins your Bubblehouse referral program, gets their referral link, and "refers" three friends. The friends place orders, the codes apply at checkout, and Bubblehouse pays out the rewards.

The catch is that those three friends used the same shipping address. Different emails, different phone numbers, but the boxes all ship to the same townhouse. Your Bubblehouse dashboard sees three valid referrals. Your warehouse sees one customer.

This is the most common shape of self-referral on Shopify. It's not exotic. Most of the time it doesn't even involve bots or VPNs. It's a buyer figuring out that they can claim both halves of the referral reward by being both the referrer and the referee.

The 5–15% range you'll see in industry research understates it for stores that haven't actively protected their program. Once the pattern works, it spreads through Discord servers, Reddit threads, and word-of-mouth at the household level. By the time you notice the gap, it's already been scaled.

Bubblehouse runs the program. It doesn't validate the buyer.

Bubblehouse is a loyalty and engagement platform. Points, tiers, achievements, subscription milestones, and yes, referrals. Its job is helping you turn customers into advocates. Their public materials don't claim to police the buyer's identity at checkout, and their code doesn't try to.

The one safeguard that exists is a 15-day waiting period before the referrer's reward is paid. This catches order cancellations and chargebacks. It does not catch the buyer using their second email and a friend's address. By the time the fifteen days are up, the order has shipped, the discount has been honored, and you've paid out a referral reward to someone who referred themselves.

This is a gap in the stack, not a Bubblehouse problem. Brands running Bubblehouse love what it does for engagement and word-of-mouth. The piece they didn't realize they were missing is the layer that validates whether the buyer at checkout is really a new customer or the same one with a fresh email.

What the abuse pattern looks like in your data

If you pull your last 30 days of Bubblehouse-attributed orders, look for any of these:

• Two or more orders with different emails shipping to the same address
• Two or more orders with different emails using the same phone number
• A "new" buyer whose order ships to the same address as the referrer
• Multiple referral redemptions from the same browser session in a short window

You won't catch all of them by hand. A high-volume store does hundreds of Bubblehouse-attributed orders a week, and by the time you've spotted a pattern, the buyer has already moved on to the next email.

This is what makes self-referral different from chargeback fraud or coupon leaks. It's distributed, low-friction, and looks fine at every point in your data unless you're specifically looking for one identity wearing several names.

Why the same person uses the program three times

The buyers doing this are not criminals in any meaningful sense. They are price-sensitive shoppers who saw an opportunity. They got their referral link, realized the program rewards both sides, and started creating throwaway emails to capture both halves. Some of them feel a little guilty about it. Most don't.

That matters because the response shouldn't be "block them and fight." It should be "the offer was for one person, and one person got it." The buyer keeps shopping, the discount comes off, and the order completes at the regular price. No conversation about fraud, no flagged customer accounts, no chargebacks. Quietly correct math.

What stops it

A second layer of identity validation at checkout, after the Bubblehouse code is applied but before the discount is honored. The system reads the code, checks who the buyer is across the signals you already have on file, and decides whether to honor the discount or remove it.

This is what OfferGuard does. The default action when a buyer doesn't qualify is the gentlest one available. The discount comes off, the cart shows the regular price, and the order proceeds. The buyer is free to walk away or to buy at the regular price, the same way they would if they had never had a code in the first place.

The validation runs server-side inside your Shopify checkout. It auto-detects every Bubblehouse code by the way the codes are titled and the segments they're tied to, so you don't have to copy each code into a separate tool every time Bubblehouse mints a new one. If a buyer trips an identity match across email, phone, address, IP, or device, the code comes off. If they're a real first-time customer, Bubblehouse pays out the reward exactly as you set it up.

One week, one shop, what changed

Here is what seven days look like for a Shopify Plus brand running Bubblehouse with OfferGuard layered on top:

• 135 Bubblehouse referral codes applied at checkout
• 15 verified first-time buyers received the discount, Bubblehouse rewarded the referrer, the order shipped at the discounted price
• 120 returning-buyer attempts had the code removed because the same buyer was using a new email, an address that matched a previous order, or another identity signal tied back to a past purchase

That is not a story about catching crooks. It is a story about restoring the math the merchant expected when they set up the program. Without the validation layer, Bubblehouse would have paid out 120 referral rewards for orders the merchant never planned to discount.

Across the same week, the brand's first-time-buyer free shipping offer rewarded 35 verified first-time customers and caught 15 abuse attempts on the same offer, generating $14,990 in legitimately discounted revenue.

How long the setup takes

If you're already on OfferGuard, switching on Bubblehouse referral protection takes about two minutes. The Bubblehouse template auto-detects the codes by their segments and titles, you set your per-identity limits (max one per address, max one per phone, etc.), and the rule starts running on the next checkout.

If you're not on OfferGuard yet, the install is from the Shopify App Store and takes about the same. The free plan covers one rule and fifty checks a month, which is enough to see whether the abuse pattern in your store matches the one described above.

A few common questions

Does this break Bubblehouse? No. Bubblehouse continues to run your referral program exactly as you configured it. OfferGuard only steps in when a code is applied at checkout, and the only thing it changes is whether the discount is honored for that specific buyer.

What happens to legitimate referrals? They go through. The verified first-time buyer gets the discount, Bubblehouse pays out the referrer reward, the order ships at the discounted price.

Does it work at guest checkout? Yes. Most Bubblehouse codes are applied through SMS or email links, and most of those buyers complete checkout as guests. OfferGuard runs the same identity check whether the buyer is logged in or not.

What does the buyer see when they don't qualify? The discount line disappears from the cart. They see the regular price and decide whether to continue. There's no warning popup, no error message, and no public accusation.

Can I keep this off for VIPs or specific segments? Yes. You can carve out exceptions by customer tag or segment, and the default rule applies to everyone else.

The math you're trying to protect

Referral programs work on the assumption that a referrer brings in customers who otherwise would not have shopped. When the same person redeems the program three times, that assumption collapses. The math you used to calculate the reward (the lifetime value of an acquired customer minus the cost of the discount and the referrer payout) was based on the customer being new.

Validating that assumption at checkout is the difference between a referral program that pays for itself and one that quietly leaks margin every week. Bubblehouse runs the program. OfferGuard validates the buyer. The two layers stack, and the program starts behaving the way it was designed to.

If your Bubblehouse dashboard shows referral activity that feels too good (too many redemptions, too many "new" customers, too few of them coming back for a second order), pull a sample and check the addresses. The pattern shows up fast.

You can install OfferGuard from the Shopify App Store and run the Bubblehouse template against your next week of orders. The free plan covers fifty checks, which is enough to know within a day whether your program has the pattern.