Nevermind, I figured it out. Our site is HTTPS and the link that the customer gave us is HTTP... according to http://en.wikipedia.org/wiki/HTTP_referrer, "If a website is accessed from a HTTP Secure connection and a link points to a non-secure connection, then the referrer header is not sent".
Thanks so much for pointing me in the right direction!