Five signals. Every checkout.
A web pixel starts tracking the device the moment a customer lands on your store. By the time they reach checkout, OfferGuard already knows who they are.
Normalizes Gmail dots, strips +aliases, resolves domain aliases, and blocks 3,000+ disposable providers.
Phone
Normalizes formatting and country codes, then matches against shipping phones on previous orders.
Address
Fuzzy-matches street abbreviations, unit types, and ZIP formats. "123 Main Street Apt 4B" matches "123 Main St #4B".
IP
Counts distinct emails from the same IP address across checkout sessions. Catches people using different emails from the same network.
Device fingerprint
A web pixel collects screen resolution, timezone, hardware profile, and sets a persistent visitor cookie. Tracks the actual device across sessions, not just the user agent string.
Two layers, one identity
OfferGuard uses a web pixel and a checkout extension together. The pixel starts collecting device data on the first page view. The checkout extension verifies identity when the customer enters their email.
Web pixel (every page)
- Sets a persistent visitor cookie
- Collects screen size, timezone, hardware profile
- Tracks browsing sessions before checkout
- Sends fingerprint to backend on page view
Checkout extension (at checkout)
- Normalizes and checks email against orders
- Matches phone and shipping address
- Queries IP and visitor cookie from pixel data
- Blocks or warns in under 50ms
The visitor cookie is the strongest single signal. Even if someone uses a different email, different phone, and a VPN, the cookie ties their sessions together.
How signals work together
No single signal is bulletproof. The power is in the combination. OfferGuard uses configurable thresholds so a single weak match won't block a checkout, but multiple matches will.
One signal matches
A single IP match on its own could be two roommates. A single address match could be an apartment building. OfferGuard logs the match but does not block the discount. The merchant sees the signal in their admin for review.
Two or more signals match
Same IP and same phone? Same address and same device fingerprint? That is almost certainly the same person. OfferGuard removes the discount automatically and shows the customer a message explaining the offer is for new customers only.
Email normalization alone
A normalized email match — where [email protected] resolves to the same inbox as [email protected] — is definitive on its own. These are provably the same email. OfferGuard blocks this immediately, even without other signals matching.
You control the threshold. Some merchants want aggressive blocking. Others prefer to log and review. OfferGuard supports both approaches through configurable rules.
After the order
Detection doesn't stop at checkout. When OfferGuard allows, warns, or blocks a checkout, it can trigger automated actions in your Shopify admin.
Order and customer tags
Automatically tag orders and customers that match a rule. Use tags to filter in Shopify admin or trigger Shopify Flow automations.
Risk assessment
Create a risk assessment visible on the order page in Shopify admin. See exactly which signals matched and the confidence level.
Fulfillment hold
Automatically hold fulfillment for manual review before shipping. Useful for high-value orders flagged by multiple signals.
Order notes
Add a detailed internal note explaining which rule matched, which signals fired, and why the discount was blocked or allowed.
What this catches in practice
Every combination of abuse tactics maps to one or more detection signals. Here are the most common patterns OfferGuard catches every day.
The Gmail dot trick
A customer uses [email protected] for their first order, then comes back as [email protected]. Gmail delivers both to the same inbox. Shopify sees two different customers. OfferGuard's email normalization strips the dots and matches them as the same person.
Caught by: Email normalization
Different provider, same phone
A customer places an order with [email protected], then returns with [email protected]. Email normalization can't link these — they're completely different providers. But the phone number on both orders is the same. OfferGuard catches it.
Caught by: Phone matching
Guest checkout with address variation
A customer checks out as a guest with a throwaway email and a different phone number. But they ship to “123 Main Street Apt 4B” — the same address as a previous order that shipped to “123 Main St #4B.” Fuzzy address matching catches it.
Caught by: Address matching
Incognito mode + VPN
A customer uses a private browser window, a VPN, a new email, and a different phone number. But the web pixel set a persistent visitor cookie on their first visit that survives incognito mode. The device fingerprint (screen resolution, timezone, hardware profile) also matches. OfferGuard connects the sessions.
Caught by: Device fingerprinting + visitor cookie
The full bypass attempt
A customer uses a completely new email, new phone, ships to a friend's address, and uses a different browser. But they're on the same home Wi-Fi. The IP address matches a previous checkout that used the same discount. Combined with even one other weak signal, OfferGuard flags the order.
Caught by: IP validation + multi-signal correlation
Why server-side matters
OfferGuard runs on Shopify Functions inside Shopify's checkout infrastructure. The validation runs on the server, not in the customer's browser.
Frontend protection (other apps)
- Runs JavaScript in the customer's browser
- Bypassed with incognito mode
- Bypassed by disabling JavaScript
- Bypassed by clearing cookies
- Cannot access Shopify checkout page
Server-side protection (OfferGuard)
- Runs on Shopify's servers
- Cannot be bypassed by the customer
- Checks every checkout regardless of browser
- Runs inside the actual checkout flow
- Under 50ms — customer never notices
See it in action on your store.
Start free. No code changes needed.