The Washington Post returned to the issue of Sen. Barack Obama’s campaign’s refusal to turn on the basic Address Verification System on Wednesday, but it lets the Obama campaign get away with a whopper.
When asked whether the campaign takes steps to verify whether a donor’s name matches the name on the credit card used to make a payment, Obama’s campaign replied in an e-mail: “Name-matching is not a standard check conducted or made available in the credit card processing industry. We believe Visa and MasterCard do not even have the ability to do this.
Really? Then how are people able to donate to Obama using the names “Adolfe Hitler” or “Joe Stalin,” but those same fraudulent names are summarily refused at the McCain Web site.
As Ace notes with the assistance of someone experienced in the credit card processing business:
Because many of our colleagues in the media have failed to investigate the shenanigans of the Obama Campaign, I have taken upon myself to uncover some improprieties. One that has troubled me greatly is Obama’s very relaxed donation policies.
I have over 8 years experience working in the payment services industry. By
taking a closer look at Obama’s online donation site, I have noticed that
his team has left the door wide open for credit card fraud by not putting in
the security measures to ensure full visa/mastercard authorization
compliance. This is outright irresponsible behavior on the part of Obama’s
team and in direct violation of their agreement with Visa/Mastercard.
I did a test on his site. Acting as Joe Stalin, I went onto the Obama site
and donated $5.00. I used false information, address: 100 Red Square,
telephone number 323-666-1953, zip code 10001, Employer: Kremlin
Occupation: Dictator. I did use my valid credit card numbers and expiration
date. The typical security measures, Address Verification System and the
Card Validation Code are not present on the Obama site. So there is nothing
in place to verify who I am. (Please see attachment. [I have his attachment. I see no point in putting it up; we all know Obama’s site allows this — ace.]) I clicked submit. The transaction went through.
Then I went to McCain’s site, and entered in the same information. Joe
Stalin. $5.00. As you can see, my donation was rejected for errors.
* What’s the big deal? Obama has left the door open for anyone to run prepaid cards and foreign credit cards without proper screening. In addition, it is easy to run multi-transactions on the same card but under different aliases. In other words, an organization like Move On.org could run tens of thousands of transactions for millions of dollars using essentially cards belonging to only handful of very large liberal donors like George Soros, Peter Lewis and Eric Schmidt.
In addition, Obama’s site violates his agreement with Visa/Mastercard. Visa Mastercard regulations require each credit card acceptor to “obtain the 3 digit Card Validation Code [CVV2 found on the back of your credit card. 4 digits for American Express Cards] and submit this code with all authorization requests with respect to transactions where the card is not present…” [cite:] Visa/Master Program Guide.
(Please see attachment or go to Obama’s site. You will notice that Obama’s donation site does not have this code requirement, which is in direct violation of Visa/Mastercard regulations.)
Speculations as to why?
Many foreign credit cards do not have CVV2 codes. Requiring such codes would limit foreign donations.
Secondly, disabling the security allows would be credit card thieves to
“ping” numbers till they get a hit. In other words, a crook could simply
type in random numbers until he found one sequence that worked in some
fashion. That could give a thief a starting point for committing credit-card fraud. If all they had to do was type nonsense values for names and addresses, such as Doodad Pro, they could quickly determine which numbers were valid – and they could probably program bots to do that kind of work.
Read the entire thing. And take a deep breath before guessing why the media isn’t all over this.