Self-referrals, fake accounts, payment method gaming: how to lock down your referral program without alienating real customers.
Every referral program leaks. Some customers refer themselves with a second email; others game the system with disposable payment methods. Here are the four rules we put in place on every install.
Rule 1: Same-device blocking. Don't reward when the referrer and referee come from the same browser fingerprint. This catches the most common abuse without false positives on real customers.
Rule 2: Payment method dedup. Same credit card on referrer and referee = block. This catches family/household sharing (which is fine for a friend-referral program, but not for a paid acquisition reward).
Rule 3: Address proximity. Same shipping address within 30 days = flag (not block). Manual review catches roommates abusing the program while letting real gifts through.
Rule 4: Reward on second order, not first. Pay out the referral bonus only when the referee places their SECOND order. This kills 80% of abuse: gamers don't bother with a real follow-up purchase.
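The four rules combined into one payout decision, as an added example that is not code from our installs. The Account fields, the decision names, the choice to hold before flagging, and the reading of "within 30 days" as the gap between the two accounts' latest orders are all assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Account:
    # Hypothetical field names; map them to your own store's data.
    device_fingerprint: str   # browser fingerprint hash, "" if not captured
    card_fingerprint: str     # processor-issued card token, never the raw number
    shipping_address: str
    last_order_at: datetime
    order_count: int

def normalize_address(addr):
    """Lowercase, drop punctuation, collapse spaces so trivial edits still match."""
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", addr.lower()).split())

def same(a, b):
    """Equal and non-empty: two missing values must not count as a match."""
    return bool(a) and a == b

def evaluate_referral(referrer, referee):
    """Return (decision, reason); decision is block, hold, flag or pay."""
    if same(referrer.device_fingerprint, referee.device_fingerprint):
        return "block", "rule 1: same device"
    if same(referrer.card_fingerprint, referee.card_fingerprint):
        return "block", "rule 2: same payment method"
    # Assumption: hold comes before flag so reviewers only see pending payouts.
    if referee.order_count < 2:
        return "hold", "rule 4: waiting for second order"
    # Assumption: "within 30 days" compares the two accounts' latest orders.
    close = abs(referrer.last_order_at - referee.last_order_at) <= timedelta(days=30)
    if close and same(normalize_address(referrer.shipping_address),
                      normalize_address(referee.shipping_address)):
        return "flag", "rule 3: same shipping address, manual review"
    return "pay", "all rules passed"

# Constructed sample accounts, not real customer data.
NOW = datetime(2024, 6, 1)
ALICE = Account("fp-a1", "card-111", "12 Oak St., Apt 4", NOW, 5)
SELF_REFERRAL = Account("fp-a1", "card-222", "99 Elm Rd", NOW, 2)
ROOMMATE = Account("fp-b2", "card-333", "12 oak st apt 4", NOW - timedelta(days=3), 2)
FRIEND = Account("fp-c3", "card-444", "7 Pine Ave", NOW, 2)

if __name__ == "__main__":
    for name, acct in [("self", SELF_REFERRAL), ("roommate", ROOMMATE), ("friend", FRIEND)]:
        print(name, evaluate_referral(ALICE, acct))
```

The empty-value guard matters: if fingerprinting fails and both sides store an empty string, a plain equality check would block every referral.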