Patterico's Pontifications

10/8/2012

Report: Obama Campaign Opens Loophole for Illegal Foreign Campaign Donations

Filed under: General — Patterico @ 9:36 am



Corruption? You betcha:

A new report obtained by Townhall from the non-partisan Government Accountability Institute [GAI] shows the Obama campaign has potentially violated federal election law by failing to prevent the use of fraudulent or foreign credit card transactions on the official Obama for America [OFA] donation webpage.

. . . .

“As FBI surveillance tapes have previously shown, foreign governments understand and are eager to exploit the weaknesses of American campaigns,” the report says. “This, combined with the Internet’s ability to disintermediate campaign contributions on a mass scale, as well as outmoded and lax Federal Election Commission rules, make U.S. elections vulnerable to foreign influence.”

The problem is the campaign’s lack of a CVV requirement — that three or four digit security code on your credit card that merchants always ask for . . . when they care whether your purchase is fraudulent:

OFA seems to be taking advantage of a “foreign donor loophole” by not using CVV on their campaign donation page. When you donate online to the Obama campaign using a credit card, the contribution webpage does not require donors to enter a secure CVV number (also known as CSC, CVV2 or CVN), the three-digit securing code on the back of credit cards. This code, although not 100 percent effective, is used to ensure a person making a purchase physically possesses the card. According to the report, 90 percent of e-commerce and 19 of the 20 largest charities in the United States use a CVV code, making its use standard industry practice in order to prevent fraud. Another anti-fraud security measure includes software, better known as an Address Verification System, to verify a donor’s address matches the address on file with the credit card company. The investigation could not determine whether OFA is using this type of software to prevent fraudulent or illegal donations.

Because of the lack of a CVV code requirement, the door is opened for OFA to accept robo-donations, or in other words, large numbers of small and automatic donations made online to evade FEC reporting requirements. Although it isn’t illegal to decline the use of a secure CVV credit card code for campaign donations, it is illegal to accept campaign donations from foreign sources. Campaigns are required under criminal code not to solicit, accept or receive foreign donations in any amount. The Federal Elections Commission doesn’t require campaigns to disclose the names of donors making contributions of less than $200 unless audited. In addition, FEC rules don’t require campaigns to keep records of those giving less than $50. These rules combined with the lack of a CVV numbers make it easy for campaigns to get away with taking foreign donations.

I demonstrated this on my blog yesterday, with screenshots. I went to Obama’s website, said I wanted to donate $3, and entered fraudulent information. I got to the point where they wanted me to hit the donate button (which I did not do), and was never asked for a security code. Here was my first page entry:

Then I entered my credit card number and expiration date (no screenshot of that, sorry!), and I then got this page, asking for my employer and occupation, which I duly filled in with more fraudulent information:

Whether the donation would have worked, I don’t know. I didn’t want to hit the donate button as I was afraid I would be running afoul of the law if I did. However, if I were in the government doing an official investigation, it would have been simple to do, and see if the donation went through. That’s why it’s frustrating to read that “[t]he investigation could not determine whether OFA is using [address verification] software to prevent fraudulent or illegal donations.” Why not?

If my commenter John Cunningham is telling the truth, I could have donated $3 as Nosuch Person and it would have gone through. Here is what he said on my blog yesterday:

There can be no doubt that the Obama web site is wide open for foreign money and fraud. I was over at a buddy’s house a month ago, I watched him log onto the Obama site, use his Visa card to donate $5, with no request for security code. he was moved to a page that asked for his personal info.

He entered Josef Stalin, Apt. 2, the Kremlin, Red Square, Moscow. Job–General Secretary. Employer: Communist Party of the Soviet Union.

It took the donation. his account was charged a couple of days later.

By the way, the Romney campaign? They require the CVV:

Suckers.

The Obama campaign knows exactly what they’re doing — because they did it in 2008. And virtually nobody in Big Media called them on it then.

So why not repeat it? What, because of ethics, or morals, or something?

Ha!

UPDATE: It is probably worth noting that we have also learned today that a major bundler for Obama has ties to the Chinese government. Cue the crickets . . .

173 Responses to “Report: Obama Campaign Opens Loophole for Illegal Foreign Campaign Donations”

  1. Ding.

    Patterico (8b3905)

  2. It’s just a more sophisticated version of the Clinton 1996 campaign fundraising strategy. You raise all of the illegal money that is necessary to ensure your victory, then after the votes have been counted you raise money from rich liberals to pay back all of the illegal donations and the token fine that has been levied on your campaign. Four years ago I thought that the one saving grace of Obama was that he wasn’t as relentlessly cynical has Clinton had been. Boy was I proved wrong.

    JVW (f5695c)

  3. I’ve been following this as much as one can, and reading about it today.

    I agree this is an absolutely horrible and deliberate scandal, and that it is expressly designed (with some lame plausible deniability built in) to circumvent foreign donor laws and to get some foreign large-scale contributions flown in under the radar, broken into smaller transactions … as well as for individual foreign donors to be able to donate to the Obama campaign.

    All ghastly and illegal to the degree that motive can be proven.

    What I’m wholly unconvinced of, however, is that the people can be roused to care. I hope to be proven wrong, but ….

    Random (edf1d2)

  4. Be interesting to take those odd-number donations and see that currency they likely started out as.

    Space Cockroach (8096f2)

  5. UPDATE: It is probably worth noting that we have also learned today that a major bundler for Obama has ties to the Chinese government. Cue the crickets . . .

    Patterico (8b3905)

  6. And yet they feign outrage over Citizens United.

    Rob Crawford (c55962)

  7. Well, the entire issue is whether the donation goes through or not. So, the rightwing geniuses have proven that you can enter bogus information into a web form before hitting “submit.”

    But, an anonymous commenter claimed his transaction went through . . .

    The FEC audited the Obama campaigns donations in 2008 and found nothing.

    P.S. You know who also has extensive ties to Chinese state-owned enterprises?

    Mitt Romney!

    http://news.yahoo.com/blogs/ticket/obama-camp-whacks-romney-over-firm-china-surveillance-215345154.html

    Geek, Esq. (f2a108)

  8. There is a parallel here with voter fraud. You make it very easy to circumvent the rules, then claim there is no evidence the rules were broken. The Doodad Pros and the specific cases of voter fraud? Outliers!

    Geek, Esq., WHY does Obama not require a CVV? Because it’s impossible to get one and requiring it would disenfranchise voters? Or am I mixing up my scenario where Democrats encourage fraud?

    What is the legitimate reason for not requiring the CVV???

    Patterico (8b3905)

  9. Another good thing about this story (as well as other recent stories) is that it’s not just conservatives who wait each day to see what breaking story might hurt their candidate. In other words, it’s not just conservatives who are feeling the spotlight — and that’s as it should be.

    Also, notice who is breaking these stories. The traditional media wants to be the gatekeeper but it isn’t anymore.

    DRJ (a83b8b)

  10. Yeah, the issue is whether the donation goes through, but if I tested that by hitting the donate button, the same people who demand O’Keefe to be prosecuted for investigating voter fraud would demand that I be prosecuted for donation fraud.

    Another parallel between voter fraud and donation fraud.

    How would Geek, Esq. propose that the obvious potential for abuse be investigated?

    And why is it not happening?

    Patterico (8b3905)

  11. Patterico, my favorite part of the GAI report is that the Obama site DOES require a CVV — if you want to buy one of his narcissistic t-shirts or a copy of one of his pseudo-autobiographies. It’s only when you want to make a campaign donation that the CVV requirement disappears.

    JVW (f5695c)

  12. I’m not on Obama’s web team, so I can’t offer an explanation. You’ll note that the report states that 47% of campaign websites don’t require it. (But it’s not your job to worry about them)

    If I had to guess, it’s to make donating easier and simpler.

    Note that AVS systems are used by credit card companies, and that the Obama online donation form requires a US address. So, the only kind of fraud that could slip through the cracks is identity theft situations where someone commits wire fraud in order to make small donations.

    Geek, Esq. (f2a108)

  13. Who should be clicking the donate button are FBI agents from outside the US, and they should be doing so to build a case for soliciting foreign donations.

    That’s if there was a functioning non-corrupt national police force (by which I’m referring to their current leadership).

    Random (edf1d2)

  14. “The FEC audited the Obama campaigns donations in 2008 and found nothing.”

    Geek, Esq. – There was an audit? Do you have a link?

    daleyrocks (bf33e9)

  15. In other words, it’s likely your anonymous commenter was not telling the truth. If you give an address that doesn’t match your address on file with the bank who issued your credit card, it’ll get rejected. This is web commerce 101.

    Geek, Esq. (f2a108)

  16. Daley rocks:

    http://www.washingtonpost.com/politics/obama-08-campaign-failed-to-disclose-2-million-in-contributions-fec-audit-finds/2012/04/19/gIQAbFcXTT_story.html

    In 2008, Republicans made an issue out of the millions in small donations that Obama’s campaign raised in the last two months of the campaign, charging that he was accepting money from foreigners or fictitious people.

    The FEC audit, which included an investigation of “contributions from prohibited sources,” found no evidence to substantiate those allegations

    Geek, Esq. (f2a108)

  17. When you, through an act of commission, enable a fraud, you perpetrate that fraud upon the system that supposedly oversees, and regulates you.
    By requiring a CVV for a purchase, and not requiring it for a donation, a Prima Facie case is presented that a fraud is the desired outcome.

    Just what you would expect from Axelfraud and Company.

    AD-Restore the Republic/Obama Sucks! (b8ab92)

  18. Geek, Esq.,

    The failure of O’s donation system to follow Web Commerce 101 is kind of the point of the post.

    I asked you two questions. I want to make sure you didn’t miss them. I would be interested in your answers.

    Patterico (8b3905)

  19. A US address….
    Yes, like those overseas cc donations that came from the State of GA (was that the Country of Georgia, or the PA territory of Gaza?

    IIRC, it was both.

    AD-Restore the Republic/Obama Sucks! (b8ab92)

  20. Geek Esq. raises one valid point. Does the system reject donations with non-US addresses and addresses that don’t match the info on file with the credit card company?

    Since the commenter Patterico referred to listed his address as being the Kremlin, it would appear that foreign donations are dead easy to get through. However, is that information accurate? It’s an important question.

    Not requiring the CVV may make it easier to use stolen credit cards, unauthorized credit cards, paid-for-by-cash prepaid VISA or MasterCards, etc., more so than “foreign” credit cards.

    So it is an important point worth clarifying.

    Random (edf1d2)

  21. Here is a link to the old whitewash audit report.

    daleyrocks (bf33e9)

  22. There’s good and bad news with this story.

    The bad being a lot of this money was stolen from us in the first place, from that laundered in crony socialism like Green Shoots, to Arab Oil.

    The good news is a lot of it is going straight down the rat hole. Down Low will lose, some of it will never get spent by the campaign, and a lot of Dhimmis are going to get stiffed all the same.

    gary gulrud (dd7d4e)

  23. Geek, Esq. – Deliberately missing the point since 2007.

    daleyrocks (bf33e9)

  24. I answered your question as to why they don’t ask for the CVV–my best guess is that they want to make donating as easy as possible. Anything that makes it more inconvenient to donate will make that donation less likely.

    As far as discovering abuse is concerned, if investigative journalists can try to sneak weapons past TSA agents, pretty sure that they can also try to donate $3 using inaccurate information on a web form while using their own credit card information.

    http://www.nydailynews.com/archives/news/weapons-fly-airports-news-boards-14-jets-contraband-security-push-article-1.505317

    And, let’s be honest, if they could bust Obama committing massive financial fraud, there’d be 100 O’Keefe’s out there willing to try it.

    The problem is that there is no problem. You need a US address to donate, and that address needs to match the credit card information. Otherwise, the transaction will get kicked.

    Geek, Esq. (f2a108)

  25. When Teh Won announced in (?) 2010 or 2011, that this would be a Billion-Dollar campaign, my first reaction was that he was building a slush-fund to convert to personal use just in case he lost – and IIRC I remarked here on that concern.

    AD-Restore the Republic/Obama Sucks! (b8ab92)

  26. geek is commanding us not to look at that solitary figure on the grassy-knoll.

    AD-Restore the Republic/Obama Sucks! (b8ab92)

  27. Is there a matching donation program sponsored by foreign governments for the Obama campaign?

    daleyrocks (bf33e9)

  28. The problem is that there is no problem. You need a US address to donate, and that address needs to match the credit card information. Otherwise, the transaction will get kicked.

    There is no evidence if this, and much to suggest you are lying, or stupid.

    JD (7a2a8e)

  29. “In other words, it’s likely your anonymous commenter was not telling the truth. If you give an address that doesn’t match your address on file with the bank who issued your credit card, it’ll get rejected. This is web commerce 101.

    Comment by Geek, Esq. ”

    Why does the left insist that their lies are the whole story ? The CVV is only part of the story. There were people in 2008 who did submit small donations with false names and addresses. The AVS system is also disabled. I’d like to know where that ” You’ll note that the report states that 47% of campaign websites don’t require it. ”
    comes from. Maybe Blagojovich’s campaign.

    Mike K (326cba)

  30. “You need a US address to donate, and that address needs to match the credit card information. Otherwise, the transaction will get kicked.”

    That’s a verifiable assertion. Is it true or not true?

    Now if it is true, then removing the standard CVV requirement makes foreign donations much easier by what mechanism?

    It’s a fair question for which there may be a good answer.

    Random (edf1d2)

  31. The 2008 Obama campaign pocketed money from “John Galt, 1957 Ayn Rand Lane, Galts Gulch CO 99999” and $174,000 from a woman in Missouri who told reporters she had given nothing and had never been billed. Presumably she would have noticed an extra charge of $174,000.

    Obviously the Palestinians used her name to donate. Maybe the Romney DoJ will be more interested in prosecution than Holder. Jesse Jackson Jr may be looking at some time in the grey bar hotel for his involvement in Blago’s shenanigans. No wonder he is depressed.

    Mike K (326cba)

  32. Geek, Esq.

    Here’s the potential problem identified by the report.

    Chinese company in Shanghai wants to inject $10 million into US election in support of Obama. They provide 1000 credit cards to 1000 workers, and give them access to computer terminals.

    The workers then spend all day logging into Obama website, and repeatedly make contributions under $50 using different names and addresses so the transactions look like they are coming from different people, until they reach a certain number.

    Because federal election rules provide that the campaigns are not required to keep information on donations of $50 or less, all this data can be dumped, and there is no forensic trail to follow.

    shipwreckedcrew (c5d797)

  33. In other words, it’s likely your anonymous commenter was not telling the truth. If you give an address that doesn’t match your address on file with the bank who issued your credit card, it’ll get rejected. This is web commerce 101.
    -Geek, Esq.

    Sorry, but that’s not how it works. You actually have a fair amount of control over whether or not to accept the transaction- you can choose whether or not to require a CVV, but you pay for the privilege if you do not- so that’s one oddity- why pay more to process credit card transactions when there is also a higher fraud risk for doing so? As far as addresses go, you again have options here to make the address check tighter or looser, and accept or reject based on the data provided.

    The flip side is if you accept too many transactions that later have to be backed out as fraudulent, the credit card companies will cancel your merchant account. I doubt that’s a worry for most national politicians.

    Since only transactions over $200 have to be reported to the FEC, it’s easy to see why no evidence of wrongdoing might be found. It might be interesting to test some of these sites from the US, and outside the US, with US and non-US addresses, with correct and incorrect addresses, and for amounts over and under $200 and see what turns up.

    I also noted here in PA, that Bob Casey, the black sheep of the Dem side of the Senate, also does not require CVV on his site. I guess the word is getting out.

    momnotmom (73120f)

  34. “You need a US address to donate, and that address needs to match the credit card information. Otherwise, the transaction will get kicked.”

    Geek, Esq. – What if you have a foreign card with a foreign address? What is your evidence that will be kicked out of the system?

    daleyrocks (bf33e9)

  35. The problem is that there is no problem. You need a US address to donate, and that address needs to match the credit card information. Otherwise, the transaction will get kicked.

    There is no evidence if this, and much to suggest you are lying, or stupid.

    1. The Obama campaign form requires a US address. Go ahead, try and submit something with an address in China or Russia or even Mexico. Note that “State” and “Zip code” are required fields in the form entry.

    2. Merchants have to use credit card network security protocols. That includes asking for addresses for online transactions. The Obama campaign would not be given the option by credit card issuers or networks to opt out of AVS.

    Geek, Esq. (f2a108)

  36. Shorter geek: ‘there is no controlling authority’.

    gary gulrud (dd7d4e)

  37. Another anti-fraud security measure includes software, better known as an Address Verification System, to verify a donor’s address matches the address on file with the credit card company. The investigation could not determine whether OFA is using this type of software to prevent fraudulent or illegal donations.

    Quote from the post.

    Patterico (8b3905)

  38. “You need a US address to donate, and that address needs to match the credit card information. Otherwise, the transaction will get kicked.”

    Geek, Esq. – As shipwreckcrew pointed out above, what if you use prepaid cards coming from foreign sources? What is your evidence those transactions will be rejected?

    daleyrocks (bf33e9)

  39. I answered your question as to why they don’t ask for the CVV–my best guess is that they want to make donating as easy as possible. Anything that makes it more inconvenient to donate will make that donation less likely.

    Then why don’t they want to make it as easy as possible to buy their T-shirts? They require a CVV for that.

    Patterico (8b3905)

  40. “The workers then spend all day logging into Obama website, and repeatedly make contributions under $50 using different names and addresses so the transactions look like they are coming from different people, until they reach a certain number.”

    I assume you’re talking about providing US addresses.

    In any case, here’s the thing: does the system kick out the transactions because they don’t match the addresses on the credit cards, or do they all get accepted? Or is each credit card and actual valid US card with a matching (and Obama.com verified) US address (such as, say, a prepaid VISA card), and they’re handed off to Chinese nationals to make the donations?

    I’m not sure exactly how it would work. It really depends largely on whether Geek Esq.’s claim about the address verification.

    Random (edf1d2)

  41. *an

    Random (edf1d2)

  42. “Quote from the post.”

    Patterico – Please, it is too much to ask of the Geek to read background material which does not support talking points.

    daleyrocks (bf33e9)

  43. Chinese company in Shanghai wants to inject $10 million into US election in support of Obama. They provide 1000 credit cards to 1000 workers, and give them access to computer terminals.

    The workers then spend all day logging into Obama website, and repeatedly make contributions under $50 using different names and addresses so the transactions look like they are coming from different people, until they reach a certain number.

    Do those cards have US addresses on file? If they don’t, they’re not going to go through.

    Geek, Esq. – What if you have a foreign card with a foreign address? What is your evidence that will be kicked out of the system?

    Do you see Patterico’s screen shots? Note the asterisks by “State” and “zip code.” Those are “required fields” i.e. you need to choose a state and a zip code. If you don’t enter a state and a zip code, your transaction won’t go through.

    So, it’s literally impossible to enter a foreign address for a donation.

    Geek, Esq. (f2a108)

  44. So, it’s literally impossible to enter a foreign address for a donation.

    Savage those straw people.

    JD (7a2a8e)

  45. Yeah, getting prepaid VISA or MasterCards, legitimately purchased in the US, and then using these to place small donations seems plausible. However, you wouldn’t need to disable CVV verification for that, would you? It’s just straightforward fraud of a different type.

    I think the question is how does disabling CVV verification increase foreign donor fraud? It would seem that disabling address matching would be the key requirement there.

    However, disabling CVV verification would increase the type of fraud it was designed to prevent — stolen/unauthorized credit card numbers with the card not in the physical possession of the card holder.

    Random (edf1d2)

  46. I answered your question as to why they don’t ask for the CVV–my best guess is that they want to make donating as easy as possible. Anything that makes it more inconvenient to donate will make that donation less likely.
    Comment by Geek, Esq. — 10/8/2012 @ 10:42 am

    What is so hard about putting in a CVV number? The CVV number is on the same card as the account number, unless you have managed to memorize the account number but not the CVV number.

    But they don’t want to make it as easy as possible to but Obama stuff?

    For those who have investigated the details more closely than I, I know the campaigns do not have to have records of contributions less than $200, but don’t credit card companies have the ability to data mine to see what credit cards were charge money for various accounts? Or can they only do this with a subpoena and there has never been a subpoena?
    If the account numbers were available, do we think we would find a lot of donations from overseas, or a lot of people donating way over their max in sub $200 amounts? Both?

    Q: Why did the chicken cross the road?
    A: (possible) from Mr./Ms. Geek- Whatever the reason was, it couldn’t have involved the obvious answer of getting to the other side.

    MD in Philly (3d3f72)

  47. What about pre paid debit cards? Geek is ignoring the differing layers of AVS, a d their history of not using CCV so people like doodad pro can donate.

    JD (7a2a8e)

  48. Maybe some lawyer person can determine whether it is illegal or not to send a donation with a bogus address? If we can verify it is not illegal to donate in such a way then we can do it and verify.

    Is it fraud if you use your own card with bogus info as long as you pay the bill when it comes?

    MD in Philly (3d3f72)

  49. Following up on momnonmom comment #33 that other Democrats are using the same technique, MD in Philly linked this website where you can check whether your State’s elected representatives require CVV validation.

    In my state, Texas, there are 20 representatives who require validation and all but one — Lloyd Doggett — are Republicans. Of the 8 representatives listed who don’t require CVV, 4 are Democrats and 4 are Republican.

    DRJ (a83b8b)

  50. “The workers then spend all day logging into Obama website, and repeatedly make contributions under $50 using different names and addresses so the transactions look like they are coming from different people, until they reach a certain number.”

    As far as this goes, is the claim that Obama’s site ever site shut off (or could shut off and the credit card companies would be cool with that) both address verification and name verification?

    Because according to Patterico’s commenter, it accepted a donation in the name of Joseph Stalin, address the Kremlin, which clearly would not match the info on file with the credit card company. Did Patterico get snowed or is Geek Esq. out to lunch with his claims that the addresses and names need to match?

    Random (edf1d2)

  51. Then why don’t they want to make it as easy as possible to buy their T-shirts? They require a CVV for that.

    Probably economics and logistics.

    A couple of facts would explain:

    1) They can’t store CVV information on file. So, if the CVV is required, they have to enter it each time. If they don’t require it, then it’s not required.

    2) Transactions requiring CVV get charged a lower interchange rate than those that don’t.

    For small dollar “pure” donations, it makes more sense to pay the higher interchange rate and simplify the process. That way, they have “one click” donations. They send you the email with donation links, you click on the link, and the donation is made. Ditto with text donations. Simple as that. This helps make repeat donations more likely. If a person had to re-enter the CVV each time, they’d lose a fair number of donations from email solicitations.

    Merchandise purchases tend to be less frequent and not done impulsively. They probably save more on the interchange rate than they lose in abandoned purchases.

    Geek, Esq. (f2a108)

  52. The threads focus will hurt because its simply in addition to Benghazi, F&F, disenfranchisement of military voters, failure of the SEC to bring charges against Corzine and JPM, ad infinitum. The Undecideds have nothing on which to pin a prayer flag.

    Going into the booth they know Ogabe will at minimum find his agenda unappropriated. He will be in a battle every step of the way to stay out of Committee interrogation for a supplementary four to right that Incomplete.

    Tester and Nelson will lose, Heller and Brown will win and that’s just the close battles.

    gary gulrud (dd7d4e)

  53. What is so hard about putting in a CVV number? The CVV number is on the same card as the account number, unless you have managed to memorize the account number but not the CVV number.

    They’re allowed to save your address and credit card numbers and expiration date on file. They’re NOT allowed to save the CVV.

    Why this matters:

    Obama supporters get email soliciations with direct donation links–you can read an email on your phone while jogging, click on a donation link, and you’ve just donated $14, or $35. If they required a CVV, you’d have to wait until you got home to dig out your credit card.

    They get charged a higher interchange rate by the credit card networks/issuing banks because it’s a less secure transaction. But it’s probably worth it to increase the response rate and donations.

    Geek, Esq. (f2a108)

  54. Alright, as someone who has more than a passing interest in eCommerce, I find Geek, Esq.’s explanation plausible, if not necessarily accurate in this case:

    For small dollar “pure” donations, it makes more sense to pay the higher interchange rate and simplify the process. That way, they have “one click” donations. They send you the email with donation links, you click on the link, and the donation is made. Ditto with text donations. Simple as that. This helps make repeat donations more likely. If a person had to re-enter the CVV each time, they’d lose a fair number of donations from email solicitations.

    Merchandise purchases tend to be less frequent and not done impulsively. They probably save more on the interchange rate than they lose in abandoned purchases.

    That would explain why several Republicans uses this tactic, and I am hoping they’re not tied to foreign donors. It also raises the question of, as long as the name and address verifications are in place and there’s no reason to think the card is fraudulent or foreign-owned, why doesn’t the Romney campaign disable CVV-verification to make for easy text message donations and one-click email solicitation donations?

    I assume in the latter case the person would have to be logged into MittRomney.com, have their credit card on file, and have the proper cookies in their browser — but if it makes donating to Romney easy, I’m OK with that.

    As long as names and addresses are verified, and there’s no reason to suspect a foreign donor or credit card fraud.

    Random (edf1d2)

  55. Did Patterico get snowed or is Geek Esq. out to lunch with his claims that the addresses and names need to match?

    Um, saying “if my commenter is telling the truth” is not getting “snowed.”

    You can very rapidly make me decide it’s worth my while to ban you again. I’m 99% of the way there right now.

    Patterico (8b3905)

  56. Do you see Patterico’s screen shots? Note the asterisks by “State” and “zip code.” Those are “required fields” i.e. you need to choose a state and a zip code. If you don’t enter a state and a zip code, your transaction won’t go through.
    Comment by Geek, Esq. — 10/8/2012 @ 11:01 am

    Try it and show us the screen shots saying they can’t process the order, since you are so sure they won’t.

    Me, I need to wait until I have professional guidance that Black Helicopters will not get me if I demonstrate it is possible. I don’t have any fancy ISP re-router here at home, it’s only on my computer at my NSA office. 😉 (Just kidding, FBI)

    MD in Philly (3d3f72)

  57. So, geek, let’s back up and start here.

    If perchance–if just possibly–if maybe in the unlikely event there were a way prepaid or other unverified credit cards from here or abroad were being accepted for small or large donations by the Obama website, would you have a problem with it? Would that be OK with you as you understand Federal election law?

    elissa (da1bf0)

  58. Well, actually, passing on info that someone mislead you on would be the definition of being snowed. I don’t know that he mislead you, nor did you claim his info to be accurate, and you pointed that out in your post. So if that’s what upset you, I apologize.

    To be more complete, since I initially accepted the commenter’s information as valid, I would be among the “snowed” in that scenario.

    Random (edf1d2)

  59. If you buy a prepaid credit card to use in online transactions, your one security measure is that you can force it to be affiliated with a certain ZIP code. If you do not take the time to proactively associate the card number with a ZIP code, then any address will “match” the card. If you put in a ZIP code, only the ZIP code, not the street address nor name, need to match.

    My understanding of the $50 rule and the $200 rule is that campaigns are required to make their best efforts to keep track of small donations so that if the total is above $200, that person’s name and occupation can be reported.

    Whether the Obama campaign is even trying to do that, or if lack of even trying can be proven, is an interesting question.

    bridget (862c19)

  60. You can very rapidly make me decide it’s worth my while to ban you again. I’m 99% of the way there right now.
    Comment by Patterico — 10/8/2012 @ 11:22 am

    I’m often in favor of banning some folk, but with a little clarification of legality we should be able to prove this one bogus before banning, unless he/she wants to demonstrate it will not go through with screen shots per #56.

    MD in Philly (3d3f72)

  61. Re: Geek, “Esq.”

    Really, what is the point? I wouldn’t believe you’re a lawyer if you dribbled latin.

    Half of these low lifes are really are attorneys. Why bother with the farce?

    gary gulrud (dd7d4e)

  62. Comment by bridget — 10/8/2012 @ 11:26 am

    Thanks for that info, I was just discussing with someone that if one buys a prepaid card with cash is there any traceable record.

    MD in Philly (3d3f72)

  63. “What is so hard about putting in a CVV number? The CVV number is on the same card as the account number, unless you have managed to memorize the account number but not the CVV number.”

    MD in Philly – It is racist to require one, cracker.

    daleyrocks (bf33e9)

  64. MD – My sarc tag did not come through.

    daleyrocks (bf33e9)

  65. It all hinges on who is right re: verifying addresses as both US and matching the info on file with the credit card company. If Patterico’s commenter is right, and Joseph Stalin of the Kremlin goes through, then that’s obviously a massive problem. If Geek Esq. is right and the Obama campaign pays a higher fee (due to more chargebacks/invalid transactions) by disabling CVV verification, but addresses are still verified as both US and matching the cardholder, and this tactic is used by other candidates including some Republicans, then it may be tolerating some shady transactions (stolen credit card numbers) to make it easier to fundraise, but not mainly to enable foreign donor fraud per se.

    At least that’s the question.

    Random (edf1d2)

  66. Here is a bit more on the mysterious American Obama bundler who lives in Shanghai. Curious that he was treated as a VIP during Hu Jintao’s visit to the White House last year.

    JVW (f5695c)

  67. MD – My sarc tag did not come through.
    Comment by daleyrocks — 10/8/2012 @ 11:31 am

    No prob, just don’t turn out the lights tonight.
    [Sarc}

    MD in Philly (3d3f72)

  68. If you buy a prepaid credit card to use in online transactions, your one security measure is that you can force it to be affiliated with a certain ZIP code. If you do not take the time to proactively associate the card number with a ZIP code, then any address will “match” the card. If you put in a ZIP code, only the ZIP code, not the street address nor name, need to match.

    Really? That is pretty bad security.

    If you’re right, that could provide a way for foreign donor fraud. However, is CVV verification even a factor in your scenario?

    Random (edf1d2)

  69. 57. I agree, Dweeb, answer the lady.

    gary gulrud (dd7d4e)

  70. The investigation could not determine whether OFA is using this type of software to prevent fraudulent or illegal donations.

    Could not determine something this straightforward? Sounds like a crackerjack investigation, alright.

    ras (be1e0d)

  71. From the report summary:
    And there is very real evidence that the campaign is not using the address verification system (AVS) in any real way. There are simply too many contributions they accept with either no zip code or an incorrect zip code.

    Either the people who did the report are lying, or contributions can go through without a zip code or using a fraudulent one. I’ll be happy to see evidence that the report is fraudulent, if you can show it.

    MD in Philly (3d3f72)

  72. And there is very real evidence that the campaign is not using the address verification system (AVS) in any real way. There are simply too many contributions they accept with either no zip code or an incorrect zip code.

    Ah, well, there you go. It would appear that in 2008 at least, Geek Esq.’s answers would have been out to lunch. I’m hard pressed, given the above, to accept his assertions.

    It’s still possible Obama’s campaign kept the CVV-verification disabled while tightening address verification, but what MD in Philly said makes it easier to believe that Patterico’s commenter could have been right.

    So in essence what the commenter’s claiming, I think, is that you can write whatever name down and whatever street address, but you would, presumably, still have to list a US state and Zip Code (which doesn’t actually have to match the info on file!).

    Is that about right?

    Random (edf1d2)

  73. For those wringing their hands about the Chinese buying up Visa and MC prepaid cards and using them for donations–how would such cards get activated? And at what point does this get to be “counting the # of angels on the head of a pin” territory?

    There’s, well, zero evidence of any actual fraud here (unlike the RNC’s voter registration efforts in places like Florida).

    Geek, Esq. (f2a108)

  74. Either the people who did the report are lying, or contributions can go through without a zip code or using a fraudulent one. I’ll be happy to see evidence that the report is fraudulent, if you can show it.

    The report did not produce any evidence of such donations/transactions occurring.

    Geek, Esq. (f2a108)

  75. I’m seeing two ways the “mandatory” state and zip fields could work. (1) they’re US addresses by definition and get sent back to the credit companies to be verified, and any non-matching info causes the card to be declined as is normal in eCommerce, or (2) they’re US addresses by definition and the Obama campaign has them there to provide a fig leaf cover for not accepting foreign donations, but they do not verify the info with the credit card companies or, at a minimum, allow transactions to proceed despite mismatches.

    Which would be bad.

    But I don’t know which one’s true. What do you think?

    Random (edf1d2)

  76. Geek, Esq.:

    From the report summary regarding the 2008 election:

    And there is very real evidence that the campaign is not using the address verification system (AVS) in any real way. There are simply too many contributions they accept with either no zip code or an incorrect zip code.

    You claim that any transactions without a zip code can’t go through, and addresses that don’t match the credit card can’t go through.

    Well. How do you explain the report’s findings?

    Random (edf1d2)

  77. Well I will give Geek this much–he/she/it has a better chance of emerging victorious today than Unca Joe on Thursday eve.

    http://www.thedailybeast.com/newsweek/2012/10/07/michael-tomasky-on-joe-biden-s-turn-to-take-down-paul-ryan.html

    Seriously, why would you even put pen to paper over such fantasy? Lipstick, push-up bra, crotchless panties he’s still a sow.

    gary gulrud (dd7d4e)

  78. The report did not produce any evidence of such donations/transactions occurring.

    Geek, Esq., you claim it’s impossible now. If so, how come the report’s investigators were able to do so?

    Something isn’t adding up, and it’s looking like it might be your assertions.

    Random (edf1d2)

  79. Joe Biden has more experience debating than does Paul Ryan, gary gulrud. And while I agree Ryan’s a formidable intellect and … er, Joe Biden … he’s being prepped and drilled to heck and back now. He only has to keep it together for about 40-odd minutes or so of his speaking. And expectations for Biden are so low and for Ryan so high.

    So this gives me some angst.

    That said, I’m looking forward to Ryan flaying him alive. Popcorn.

    Random (edf1d2)

  80. The report did not produce any evidence of such donations/transactions occurring.
    Comment by Geek, Esq. — 10/8/2012 @ 11:53 am

    Where did you get your copy to verify your claim?

    When I went to the website and tried the link to the raw data I got this message:

    raw data.
    Files coming soon. To receive the files 12 hours before the general public, along with other updates, sign up here:

    I’ll let you know when I get my copy, unless you want to forward me a copy of yours.

    MD in Philly (3d3f72)

  81. I answered your question as to why they don’t ask for the CVV–my best guess is that they want to make donating as easy as possible.

    Of course — any more difficult, and the fraudulent donations wouldn’t be made.

    (Seriously, how much difficulty does a single field add?)

    Rob Crawford (c55962)

  82. They get charged a higher interchange rate by the credit card networks/issuing banks because it’s a less secure transaction. But it’s probably worth it to increase the response rate and donations.

    How does less protection against fraud increase the response rate if not by permitting fraud?

    Does ANYONE throw their hands in the air and give up because there’s a single extra field on a form?

    Rob Crawford (c55962)

  83. I’m positively giddy Willard is poking the foreign policy stick in the cage a week out.

    The Gay Prostitute will be piqued into a blood rage when he hits the stage.

    May the better underware win, telestial or penis clincher.

    gary gulrud (dd7d4e)

  84. The investigation could not determine whether OFA is using this type of (AVS) software to prevent fraudulent or illegal donations

    There are simply too many contributions they accept with either no zip code or an incorrect zip code.

    These statements are contradictory. Donations being processed without a valid zip code are direct evidence that there is not an AVS being used. But, here’s the link for the report:

    http://campaignfundingrisks.com/wp-content/themes/cfr/images/AmericaTheVulnerable.pdf

    Please quote the part where it discusses donations processed without a valid zip code.

    For the win:

    http://electionlawblog.org/?p=33935

    Credit card contributions to Obama for America are, in fact, processed using AVS (Address Verification System).

    “If a billing address is verified via AVS, then the credit card contribution is processed without delay. Some transactions caught by AVS may initially appear to a donor to have been accepted even though this is not the case. Obama for America employs a manual process to review any transaction flagged by AVS, also taking into account other fraud risk factors, and using fraud detection services provided by our credit card processor.

    “As an example, the contribution discussed here http://www.powerlineblog.com/archives/2012/04/dubious-donations-illustrated-illegal-contributor-edition.php may have initially appeared to have gone through when the donor completed the transaction at 10:18 a.m. but it was rejected at 4:51 p.m. under our standard fraud detection procedures.

    “So any claims that Obama for America has disabled AVS are inaccurate; any question about this would have been answered–if the question had been asked.”

    Sorry to burst your bubble.

    Geek, Esq. (f2a108)

  85. When you pin your hopes on the idea of putting Joe Biden in the national spotlight for 90 minutes….

    …well, it breaks my heart. So sad.

    Pious Agnostic (7c3d5b)

  86. The report did not produce any evidence of such donations/transactions occurring.

    He actually answered that question well. The problem I have with the very smart, if on a mission, Geek, Esq. is that while everything he’s saying might be true for some campaign somewhere, it doesn’t appear to be true for the Obama campaign specifically — which has a history of not doing proper credit card address verification.

    However, in principle, it makes sense to keep someone’s credit card info on file so when they log in to the account and/or have the Web browser cookie active, they can easily donate with a single click (as in via an email solicitation) or, alternatively, by sending a simple text message in reply to a solicitation. In return for the convenience, there would be more credit card fraud.

    Remember, the victims of this are ultimately the credit card companies who have to compensate cardholders for fraudulent transactions. This is why they charge the merchant higher fees for accepting credit cards without CVV verification.

    Nothing about that is illogical, and it makes sense from a fundraising perspective. Some — but much fewer — Republican candidates do it too.

    The bigger problem, I’ll reiterate, seems to be that the Obama campaign has, according the the report in 2008 at least, made it easy to donate without matching credit card address information.

    And name information.

    Random (edf1d2)

  87. Correction to the above. Copy and paste error. I should have blockquoted this to start my last comment:

    (Seriously, how much difficulty does a single field add?)

    He actually answered that question ….

    Random (edf1d2)

  88. I have to confess: I know my CVV number but not my credit card number. And I don’t leave my credit card number on file anywhere. How hard is it to type in 3 more numbers after typing in 12?

    Random appears to be acting dense on purpose. It isn’t working.

    PatAZ (a12365)

  89. As a liberal, I’m quite certain that Paul Ryan will embarrass Joe Biden on Thursday night. Ryan is much more intelligent, articulate, and well-versed in policy details. Biden is a gaffe-prone twit.

    Anything short of a repeat of last Wednesday’s debate will have to be a disappointment.

    Geek, Esq. (f2a108)

  90. How does less protection against fraud increase the response rate if not by permitting fraud?

    By also permitting easier legitimate transactions. That’s the easy answer.

    It’s always a tradeoff between convenience and security. I mean, they could require a real-time, in-person approval, verified by retina scan — in principle. That would reduce fraud.

    Random (edf1d2)

  91. And, BTW, though it pains me to say so, Geek has done a fine job of defending his position.

    If I’m not entirely convinced by him, it is because my opinion of the Obama campaign is so poor that it starts with the assumption of wrong-doing and requires overwhelming evidence that they aren’t breaking the law.

    Pious Agnostic (7c3d5b)

  92. Random appears to be acting dense on purpose. It isnI have to confess: I know my CVV number but not my credit card number. And I don’t leave my credit card number on file anywhere. How hard is it to type in 3 more numbers after typing in 12?

    It’s a little bit harder. And we are talking about Obama voters. Har har.

    The thing is, flipping the card over after entering 16 digits, expiry date, etc., and entering 3 more digits is not hard. You’re being obtuse by claiming I’m saying it is. That’s a strawman.

    The point is, keeping credit card info on file enables the possibility of “one-click” donations and “just reply to this text message with ‘yes'” donations, and that those are a lot easier.

    Random (edf1d2)

  93. that’s about as good as I can expect.

    On another note of agreement, you guys will win the election, no questions asked, if President Empty Chair shows up for the next two debates. He hasn’t had a real good speech in quite some time, so the only thing he’ll have going for him is low expectations.

    Geek, Esq. (f2a108)

  94. Quick point of clarification on text message donations–I believe those are billed to the wireless account, not a credit card.

    Geek, Esq. (f2a108)

  95. Ryan is much more intelligent, articulate, and well-versed in policy details. Biden is a gaffe-prone twit.

    Which, since they’d both be a heartbeat away from the Presidency, is an actual bona fide reason to vote for the Romney-Ryan ticket, and not the other.

    Random (edf1d2)

  96. I know they do it that way, billed to the wireless account, Geek. You brought it up and I thought maybe they have a way of doing it to a stored credit card account.

    Well, it would have been better if you’d gotten that right in the beginning and if I’d called you out on it. I should have. I thought about it.

    Random (edf1d2)

  97. 85. “Donations being processed without a valid zip code are direct evidence that there is not an AVS being used.”

    No the example picked up an invalid zip where supplied by credit card issuer and respondent did not match.

    gary gulrud (dd7d4e)

  98. Voters will get their own chance to judge the two men when they face off.

    Geek, Esq. (f2a108)

  99. So basically; Geek, Esq.; your entire argument is they do it to make one-click donations easier from a web browser? And/or having to spare their donors ‘poor wittle fingers the struggle of entering in 3 digits?

    For which the Obama campaign is willing to allow more credit card fraud, with all the pain that causes innocent people, as long as the campaign pays higher fees to the credit card companies to compensate them for the hassle.

    Got it.

    Random (edf1d2)

  100. Joe was an utter airhead 4 years ago. His one and only resort when challenged on a fact was to simply repeat the lie.

    He is now 4 years older meeting a wonk at the height of his intellectual powers, if not world experience.

    His only hope is to slip and fall in the bath before the debate.

    gary gulrud (dd7d4e)

  101. I’ll just add that as a card holder, I’m leery of sites that disable CVV verification. I’ve seen it maybe once or twice.

    I haven’t been hit by any problems as a result, but I know they’re accepting a lower fraud standard and that makes me suspicious of their ethics and priorities overall, in which case I suppose I’m ironically glad I’ve given them less info on my card!

    On the other hand, there’s the “Verified by VISA” scheme. MasterCard has a similar one. Both for participating merchants.

    That’s a great idea and I heartily support it. It’s also a huge pain in the rear.

    Random (edf1d2)

  102. For which the Obama campaign is willing to allow more credit card fraud, with all the pain that causes innocent people, as long as the campaign pays higher fees to the credit card companies to compensate them for the hassle.

    Oy. I now see what your game is. Silly me for being the only one to respond to your nonsense.

    Geek, Esq. (f2a108)

  103. You ever notice Joe Biden hits on chicks kind of like Bill Clinton did — minus the success?

    Random (edf1d2)

  104. #104 – You ever notice Joe Biden hits on chicks kind of like Bill Clinton did — minus the success?

    Comment by Random

    Thats not fair

    Joe-Dallas (43ff93)

  105. 103. “Silly”.

    Nolo contendere is the plea.

    gary gulrud (dd7d4e)

  106. Oy. I now see what your game is. Silly me for being the only one to respond to your nonsense.

    Comment by Geek, Esq. — 10/8/2012 @ 12:38 pm

    Geek, I meant what I said. I can see the business case for making one-click donations / stored credit card on file transactions easier.

    And obviously people don’t fear giving their credit card details to the President’s campaign site.

    But. By disabling CVV, which is fraud prevention, after all, you inevitably invite more fraud. That’s inescapable.

    And that hurts real credit card consumers. Real people.

    And I hate financial fraud. I despise it with a passion.

    I’m probably one of the few here who goes on two blogs that deal with that regularly – one devoted to calling out Internet fraud specifically, and Popehat — a liberal blog where the lawyer lead author shares my disdain of fraud.

    You can think I was “gaming” you all you like. The truth is plainer than that: I just want to know what’s true here.

    I think Obama’s awful for the Benghazi coverup, and to a lesser degree, his administration’s decisions that lead to the debacle there. For associating with, much closer than he’s acknowledged, a domestic terrorist who bombed the White House. For promising to focus on the economy and reduce the deficit, and instead ignoring jobs and pushing through his inane and counterproductive health care bill at precisely the wrong time for it.

    And for many other things.

    But, yes, I’m no fan of those who make Internet fraud easier, even though sure I understand the business case for easier online transactions.

    It’s still a bit slimy to disable standard credit card fraud prevention protocols.

    Random (edf1d2)

  107. *bombed the Pentagon, obviously

    Silly error. Thinking of one thing while writing another.

    It’s just as bad, though. Not to mention the two people Ayers’ wife was associated with killing.

    Obama’s buds.

    Random (edf1d2)

  108. The ruse has earned plenty of attention:

    http://minx.cc/?post=333610

    gary gulrud (dd7d4e)

  109. By ruse you mean the GOP being sucked in to a nothing story, or the Obama Campaign’s fundraising behavior? I think the latter, but just checking.

    The link gary galrud posted makes a point. It isn’t that the Obama campaign didn’t use the AVS — Address Verification System — it’s that they chose a particularly weak form of it.

    This combined with no CVV verification seems to be the problem.

    GAI also determined that the Obama re-election campaign has selected a particularly weak Address Verification System (AVS), a computerized means of comparing house numbers and ZIP codes provided by a donor with the corresponding numbers on file with a credit card issuer.

    GAI notes that the Obama campaign’s failure to use such security measures in its online donation system likely costs it “millions of dollars in additional fees” because “card processors charge higher transaction fees for campaigns that fail to use the CVV.

    Side Note: These fees are because no CVV means increased fraud occurs. I.e., more innocent cardholders get hurt.

    And just remember: this is the issue that caused Geek, Esq. to get his nose out of joint. Correct me if I’m wrong, Geek, but you didn’t like my insinuation that disabling standard fraud prevention protocols, while legal and permitted by card companies, causes more people to be hurt by fraud.

    And that Obama is responsible for that choice.

    Anyway, I see both sides of it. Maybe Romney should do it too if Obama is doing it. Maybe it’s necessary to match Obama’s fundraising.

    But I do think it’s telling that Obama leads early and often with the slimier, less ethical choice, and Mitt does not.

    Random (edf1d2)

  110. As we’ve said over and over, the bottom in Down Low’s approval is his ceiling of support:

    43% of the Electorate is his high-water mark and he is simply working to kill turnout as a whole.

    Rasmussen has Dims atrophied to 33% + the 10% of the electorate who swing both ways and, viola, 43%. That’s the popular count.

    Now, Urkel is up by 22 in NY. How many blood-Red states does NY equal?

    gary gulrud (dd7d4e)

  111. Oh, link:

    http://minx.cc/?post=333609

    Senior moment.

    gary gulrud (dd7d4e)

  112. 110. Yes, you were correct on the fees, on Geek’s strategy of minimal plausibility equals certainty and his reason for withdrawal.

    Don’t let it go to your head. Safe.

    gary gulrud (dd7d4e)

  113. In order to believe Geek, you have to ignore what Doodad Pro and OJ Simpson and Micky Mouse etc… did in 2008. You have to believe that disabling CCV is a good thing, to make donating easier because 3-4 keystrokes is hard, and that using a weak AVS in conjunction with that will not result in the types of donations like $100k+ from John Galt in 2008. It requires you to suspend disbelief. They think you are stupid.

    SQUIRRELS

    JD (7ddc11)

  114. Geek-
    You link things from 6 months ago to argue your case about today.
    You claimed there was no data to back up a claim when the data has not yet been made available.

    0/2

    MD in Philly (3d3f72)

  115. Does that surprise you, MD?

    JD (7ddc11)

  116. Not at all, JD, I just want to see Geek’s dishonesty nailed to the wall in plain sight.

    I like it when disingenuous people go out of their wink to link stuff in error and keep up the appearance of honest dialogue so their dishonesty is clearly illustrated.

    By the way, Geek says those really aren’t squirrels, they are just small furry mammals with bushy tails that look a lot like squirrels; if you look closely you will see the ratio of tail length to entire body length is slightly off for a typical squirrel.

    MD in Philly (3d3f72)

  117. 114. Speaking of stupid, Pew comes out with a R+3 poll(exactly what Razzie’s August affliation came up with) to show Romany ahead by 5 nationally.

    “Among those extremely likely to vote, Romney actually leads Obama 52 percent to 46 percent. That’s up from a 2-point lead last week. Obama led 50 percent to 47 percent among this group three weeks ago.”

    Ahead with Indies by sisteen. Wimmins all tied.

    Think Urkel has a come back in him? Chickens spritzed with rum are perishing in that hope.

    gary gulrud (dd7d4e)

  118. I suppose if you’re a President who doesn’t have enough support domestically, you have to play to your strengths !

    Elephant Stone (65d289)

  119. Oh, BTW, number one and two in accuracy over the millenias elections are Rasmussen and Pew.

    gary gulrud (dd7d4e)

  120. I did the same as you, Patrick, on the Obama site and got as far as you did.

    No CVV required.

    Why doesn’t someone do it all the way through? I don’t want to give the dude any money…

    Patricia (e1d89d)

  121. Patricia #121 – did you do the equivalent for the Romney site ? And, if so, at what time was your transaction disallowed ?

    If you got farther on the Obama site than on the Romney site, that is a hint that Obama is less picky about the source of donations than Romney …

    Alasdair (98b18f)

  122. I think it would be funny if people donated money using names such as “Brian Williams,” “David Gregory,” “Katie Couric,” “Robert Schieffer,” et al.

    That way, it would force the Obama campaign to either admit the major players among the lamestream media are contributing to their campaign, or they’d have to admit, “Well, due to the lack of confirmation of the security code, we can’t be sure that those people actually donated to our campaign !”

    Elephant Stone (65d289)

  123. That’s an already established fact, Alasdair – Romney’s site requires the CVV. However, by all means you could test it to visually confirm and satisfy yourself on this point.

    I even hear clicking the submit button on Romney’s site is perfectly safe.

    Random (edf1d2)

  124. Well, actually, passing on info that someone mislead you on would be the definition of being snowed.

    Well, actually, that didn’t happen — so well, actually, you’re banned again, Christoph.

    Patterico (cc3bd9)

  125. 114. In order to believe Geek, you have to ignore what Doodad Pro and OJ Simpson and Micky Mouse etc… did in 2008. You have to believe that disabling CCV is a good thing, to make donating easier because 3-4 keystrokes is hard, and that using a weak AVS in conjunction with that will not result in the types of donations like $100k+ from John Galt in 2008. It requires you to suspend disbelief. They think you are stupid.

    SQUIRRELS

    Comment by JD — 10/8/2012 @ 1:39 pm

    Disabling the Credit Card Verification Method (i.e. verifying the security code) encourages robo-donations.

    When the donation is between $50 and $200 the campaign doesn’t have to disclose the identity of the person contributing, but they have to keep records. When it’s under %50 they don’t have to keep records.

    So they can assume that each donation, even from the same card, is not from the same person as long as they donations are under different names. So “O.J. Simpson,” “Mickey Mouse,” and “Adolf Hitler” could all be using the same card but a campaign can just assume they’re different people. And they don’t have to make any attempt to add up those donations.

    Making multiple donations under different names using the same pre-paid credit card or debit card is a great way to go over the individual limit. This is especially true because there is software available to automate these donations; hence “robo-donations.”

    Card verification, which forces you to manually enter the security code, impedes robo-donations. As do added security features, such as using CAPTCHAs also tend to screen out robot donations.

    That’s why campaigns like Obama’s don’t use those features.

    Steve57 (c8ac21)

  126. Bad enough for someone to be a priggish self-appointed arbiter of my potential failings. But to sneak in under different names and email addresses after being previously banned relIeves me of any moral duty to put up with the aggravation.

    Patterico (cc3bd9)

  127. Respected bloghost – this is *your* blog … and that, just in and of itself, should be considered to relieve you of any moral duty to put up with anything up with which you do not wish to put …

    I, for one, respect the fact that you ban very few folk, while often being sorely tempted, whether for bad faith or even bad puns …

    (innocent whistle)

    Alasdair (98b18f)

  128. Pencil neck geek, grit eatin’ freak,
    scum suckin’, pea-head with a lousy physique.
    He’s a one man, no gut, loosing streak.
    Nothin’ but a pencil neck geek.

    Colonel Haiku (de14b7)

  129. There is more evidence that the Obama campaign conducts credit card fraud than there was evidence that Mitt Romney paid no taxes for years.

    And yet, which of those two competing claims actually bothered Obama supporters? And which of those competing claims was actually based on any evidence at all?

    SPQR (768505)

  130. Colonel,

    I came up with an idea for how Sesame Street can make some money for itself, in lieu of taking federal funding.
    Tell me what you think…
    They could manufacture stuffed animals, puppets, clothes, games, stickers, party favors, bibs, DVDs, et al.
    I bet there’s a lot of young children who would go for that sort of stuff—it could potentially bring in hundreds of millions of dollars a year.
    Do you think that’s a good enough idea to pass on to PBS ?

    Elephant Stone (65d289)

  131. Don’t they already do a lot of that merchandizing, stones?

    Hey… once they’re on the federal teat, you’ll play hell weaning the weenies off.

    Colonel Haiku (de14b7)

  132. Colonel, me and everybody in D&D/Chess/Rocket Club hated that song!

    Pious Agnostic (2c3220)

  133. Colonel,

    Ha, ha, perhaps I was too subtle…yes, Big Bird and the Gang brings in zillions of dollars thru merchandising, yet the liberals still insist they continue to take welfare from the American taxpayer, as well as underwritings from corporate sponsors.

    Elephant Stone (65d289)

  134. is there a set dollar amount to when donations obtained illegally become a felony?

    Is it per donationor when a threshold is reached?

    Sio is a 50 dollar donation a felony – is that why the security has been disabled?

    What burden is legally required to verify certain transactions?

    Credit cards should be easily identifiable except as JD pointed out the prepaid cards create a rather direct path for illegal doantions

    EPWJ (8a4ca7)

  135. Hey, long day at work, stones… my only excuse. If PBS, Sesame Street and Big Bird are so damn popular, they should have no trouble thriving in the marketplace.

    Colonel Haiku (b56e4c)

  136. Colonel,

    Big Bird, Elmo, and Friends make so much money—they should be supporting us !

    Elephant Stone (65d289)

  137. Freddie Blassie singing the song on Dr. Demento’s show… those were the days, PA!

    Colonel Haiku (2fdf4b)

  138. You guys know Dr. Demento? Dang, and I thought I was old.

    Didn’t Blassie also do a video with some skinny little Polish girl? “Girls just wanna have guns”.

    nk (875f57)

  139. Dr. Demento … I got his autograph at a Weird Al concert.

    For that matter, I had friends at Cal Poly San Luis Obispo when Weird Al recorded “My Bologna” there as a student.

    SPQR (768505)

  140. I’m still waiting for an explanation of how not requiring CVV allows more foreign donations (other than through use of stolen CC #’s).

    A robo-donator can do CVV’s just as easily as it can enter any other data. Give me a few hours and I could write one.

    So what is the big deal with the CVV’s?

    Yes, I get the issue with AVS, but CVV?

    BTW, I’m Romney supporter, strongly anti-Obama.
    But I don’t like it when *my* side uses bogus arguments, so please… tell my why this CVV stuff isn’t just BS?

    Mesocyclone (0defa8)

  141. 141. I’m still waiting for an explanation of how not requiring CVV allows more foreign donations (other than through use of stolen CC #’s).

    Foreign donations aren’t the only illegal donations.

    A robo-donator can do CVV’s just as easily as it can enter any other data. Give me a few hours and I could write one.

    So what is the big deal with the CVV’s?

    I get the impression that this is in part aimed at my comment #126.

    If so, again, when did I complain about foreign donations.

    And perhaps you can write software code that can provide the card’s security code in a few hours. Perhaps you can also write software code that can bypass or just respond correctly to a CAPTCHA. That’s been done too.

    But then if this in response to what I wrote then you’ll note I never said that requiring the security code eliminates the possibility of accepting robo-donations. Just like using a CAPTCHA would eliminate the possibility that it’s a PC and not a human being making the transaction.

    I said disabling security features encourages robo-donations, and that using them impedes it.

    Not everyone doing this does their own programming.

    Yes, I get the issue with AVS, but CVV?

    BTW, I’m Romney supporter, strongly anti-Obama.
    But I don’t like it when *my* side uses bogus arguments, so please… tell my why this CVV stuff isn’t just BS?

    Comment by Mesocyclone — 10/8/2012 @ 9:28 pm

    I think you’d understand it better in terms of FEC regulations and not as a matter of technology. Asking for as little information as possible, beyond just what’s required to process the transaction, eliminates the possibility that a campaign can successfully be accused of meeting the threshold for knowingly accepting a fraudulent (although willingly so, as opposed to unwillingly in the case of stolen card) donation.

    Just as is the case when campaigns, and the Obama campaign is notorious for this, choose to believe that multiple transactions using the same card under multiple and obviously fictitious names really are from multiple donors. And not simply a single donor making multiple donations but concealing his or her identity.

    Also, FYI, the AVS is no big deal either, because if the card issuer authorizes the transaction then the campaign can accept it. And when the card issuer authorizes the transaction the only things they verify is that the card hasn’t been reported stolen, lost, it’s transaction history isn’t consistent with fraud, and it’s not over its limit.

    The AVS only helps protect on-line merchants from fraud. The rules for processing a Card Not Present transaction are different then when completing a Card Present transaction. The merchant who physically takes hold of the actual card during a transaction is generally not liable for a fraudulent transaction. The on-line merchant is liable.

    Of course, the system is based upon the assumption that fraudulent use of a card will result in a consumer complaint. Then the card issuer follows up with the merchant to determine if the transaction was valid.

    Anti-fraud features like AVS are not designed to prevent campaigns from accepting illegal contributions from willing donors who aren’t going to complain about the charge.

    So a campaign can accept all the contributions from donors who give small amounts it wishes to. Even if the AVS says the address given doesn’t match the address on file. Just as the Obama campaign chooses to accept donations with obviously fraudulent names, even though the issuer has the card holder’s name on file.

    The FEC will never be the wiser; the only time an audit is mandatory is when a candidate accepts federal matching funds (and Obama doesn’t do that). And even if they do an audit, they don’t have any ability to verify the legitimacy of contributions under $50.

    Steve57 (c8ac21)

  142. A commenter @ neo-neocon:

    James from Canada Says:
    October 9th, 2012 at 2:01 am
    A lot is bring made of the Ccv number, but the big thing for me is the non-use of the address verification system. I just donated with my Canadian credit card to obama’s campaign using the name ‘Fraud Artist’ and address at 1600 Pennsylvania Avenue NW Washington DC, 20500. This is ridiculous. I live in Canada. I am all Canadian. I’ve never even been to dc and my name is clearly not fraud artist. Still good enough to accept a $5 donation.

    Tried the same donation for Romney and, surprise, could not donate.

    IGotBupkis, Legally Defined Cyberbully In All 57 States (8e2a3d)

  143. I think it would be funny if people donated money using names such as “Brian Williams,” “David Gregory,” “Katie Couric,” “Robert Schieffer,” et al.

    They’ve already donated. There was a report from the DNC this year about the merchandise booth inside the area reserved for reporters. Since buying the merchandise counts as a campaign donation, buyers had to give their names — and the person running the booth said to use a fake name “like the others”.

    Rob Crawford (04f50f)

  144. BTW, I’m Romney supporter, strongly anti-Obama.
    But I don’t like it when *my* side uses bogus arguments, so please… tell my why this CVV stuff isn’t just BS?

    Cough cough Moby cough cough

    JD (7ddc11)

  145. Concern troll is concerned … unconvincingly.

    SPQR (768505)

  146. Awww, Christoph dropped by and I missed it? Damn.

    Icy (20d2de)

  147. Former ACORN employee, Anita Moncrief, discusses the “small donor” CCV issue, how Hilda Solis got her job, ACORN’s socialist wishlist and what happens when people like Stacey Dash speak out.

    https://vimeo.com/50298485

    Anita (ffde50)

  148. “The important thing is the appearance of probity.”

    Space Cockroach (8096f2)

  149. You mean the appearance of plausible deniability.

    SPQR (768505)

  150. Steve57 #142: The “scandal” is about accepting foreign donations, because that what the headlines and the original report are about. Your answer, while informative, doesn’t address that.

    How the CVV is implicated in that issue does not seem to have been explained. The original report just asserts that it is, without explication. I was hoping someone in this thread could explain it, but the lack of explanation leads me to believe that it is an invalid, clumsy accusation. I am *still* hoping someone will explain it.

    On the other hand, AVS can be used verify that the address given is valid, which means a foreign donor cannot give a US address to get around a simple, obvious country code check implemented by the web site.

    Of course, if the web site doesn’t ask for, or is ignoring country information, the AVS doesn’t solve that issue.

    BTW… my comment about robo-donors is in ref to #126 and to the original report.

    Mesocyclone (0defa8)

  151. Except all of that has been addressed above, unless the Kremlin zip code 00000 is really located in Biloxi. Doodad pro. Ring a bell?

    JD (7ddc11)

  152. I just wanted to elaborate a little on why I said AVS is no big deal. Because some people have been dealing in complete B.S.

    15.In other words, it’s likely your anonymous commenter was not telling the truth. If you give an address that doesn’t match your address on file with the bank who issued your credit card, it’ll get rejected. This is web commerce 101.

    Comment by Geek, Esq. — 10/8/2012 @ 10:30 am

    This is B.S. and either reflects an ignorance of what the system is designed to do, or a deliberate distortion of it.

    There is absolutely no requirement, and many reasons not to, run the card through AVS when you charge the card during an on-line transaction.

    Because the system is designed to prevent fraud during a commerial transaction, in which the card is being used to buy something. The charge goes through right away. Most on-line merchants run the cards through AVS as a batch later.

    Different credit card companies, and different merchant services companies, have different rules. But in general they recommend the merchant, if AVS gives a “no match” response, follow-up with the customer before completing the transaction.

    And that means before shipping the merchandise. Because the system is not set up to stop illegal donations, but fraudulent commercial transactions.

    There are legitimate reasons why you may get a “no match;” the person may have moved and not told the card issuer, or the card issuer may still have the wrong address on file. But the merchant can complete the transaction if they wish to open themselves up to the liability.

    That’s merchant services 101.

    And note the Obama adimipermacampaign does use the CVM when conducting a commercial transaction.

    Clearly, they aren’t worried about the same type of fraud when it comes to donations. There are plenty of reasons for that, such as the fact that they expect their fraud rate to be low as they are processing millions of donation transactions; far less for merchandise.

    At least when it comes to triggering an FEC audit, when one is triggered depends upon the size of the amount collected compared to the amount of documented fraud. $2M might be enough to trigger an audit in a congressional campaign which collected $50M total, but not in the case of King Putt who collected a total of 20 times more.

    As long as we’re on the subject of B.S.

    7. The FEC audited the Obama campaigns donations in 2008 and found nothing.

    Comment by Geek, Esq. — 10/8/2012 @ 10:09 am

    The reason this guy never provided a link is that an actual FEC audit takes quite a while. There is no way in hell’s creation the FEC audited the Obama campaign’s donations by the end of an election year.

    But hey, don’t take my word for it. Here’s a link from November 11, 2008.

    http://www.politico.com/news/stories/1108/15497.html

    Obama likely to escape campaign audit

    The Federal Election Commission is unlikely to conduct a potentially embarrassing audit of how Barack Obama raised and spent his presidential campaign’s record-shattering windfall, despite allegations of questionable donations and accounting that had the McCain campaign crying foul.

    Adding insult to injury for Republicans: The FEC is obligated to complete a rigorous audit of McCain’s campaign coffers, which will take months, if not years, and cost McCain millions of dollars to defend.

    Obama is expected to escape that level of scrutiny mostly because he declined an $84 million public grant for his campaign that automatically triggers an audit and because the sheer volume of cash he raised and spent minimizes the significance of his errors. Another factor: The FEC, which would have to vote to launch an audit, is prone to deadlocking on issues that inordinately impact one party or the other – like approving a messy and high-profile probe of a sitting president.

    So natch, the Geek didn’t provide a link. He was slinging s*** at the wall to see if it stuck. He tried to claim the FEC completed an audit of the Obama campaign in 2008 and found nothing, when in fact by the end of 2008 it was in the news that it was entirely unlikely the FEC would ever conduct an audit.

    WaPo and other outlets reported the same as well.

    Steve57 (c8ac21)

  153. Ace had this out previously, but it should be noted again. It’s about how the Obama campaign shifted to a new donation website, presumably to hide a lot of vulnerabilities they put in their old website.

    Back when there were some whispers about this in May or June, I poked around Obama’s site. What was odd was that there was verification for Obama’s web store, but not to donate. Meaning, you had to verify your address if you wanted to buy a “Dogs for Obama” button, but not if you wanted to donate to his campaign. Most of us remember these types of shenanigans from Obama’s 2008 campaign.

    So, when this story began leaking last week, I went back and checked on this again. The weird part? The campaign donation page had been moved from “donate.barackobama.com” to “contribute.barackobama.com”. After poking around a little more, I found that donate.barackobama is being hosted by Blue State Digital. This is a firm founded by former Howard Dean 2004 staffers and they run Obama’s digital operation.

    This dovetails with what Doug Ross @ Journal had out yesterday:

    BLUE STATE DIGITAL: Is it the linchpin of the Obama campaign’s foreign donor scandal?

    Anyhow, an anonymous tipster mentioned that checking out the source code of the Obama donation website… would reveal some interesting logic. Specifically that IP addresses of the donors can be easily spoofed through a hidden field in the form. The tipster’s guess was (and I concur) that the Obama campaign is recording the spoofable IP address… not the real IP address as delivered by the web server.

    It’s web security 101, folks. Because IP addresses map back to the original source network (your ISP, your company, etc.), the web server’s log-file records the actual source IP address of the request. They certainly don’t record anything that the requester provides as the genuine address.

    Put simply, there’s no reason to include a hidden form field for IP address. It is there for one reason alone: IP forgery — forging the computer addresses of donations to disguise their true sources.

    This, again, is the old “donate” site they were using up until just a couple of months ago, not the new “contribute” site they migrated to.

    On its own I wouldn’t consider the lack of CVM to be that big of a deal. But it was part of a pattern of disabling security features. As Doug Ross points out, they weren’t just disabling security features. They were actively installing vulnerabilities to evade any tracking of the actual location of the donor.

    But the FEC will not audit this. They would be on thin ice because they’ve never put out any regulations defining what sort of security standards a campaign needs to adhere to in order to avoid knowingly accepting foreign donations.

    The only way the FEC could audit this is if Obama accepts matching funds. And undoubtedly he went back on his word in 2008 because he knew he could collect far more in contributions from shady donors. And accepting matching funds might well expose that fact.

    Steve57 (c8ac21)

  154. Erick Erikson tried this and his donation was denied. But that fact was nicely hidden in the 14th-some paragraph of his post titled “I donated to Barack Obama.” It’s like he gets off on fooling his readers, all now experts on anti-fraud efforts, of course.

    [Note – This is unskew. And Lemon.Wet.Good. And imdw.]

    Sammy (6181a3)

  155. Nice try Sammy. That’s not the title. And he tells the readers that it didn’t go through in the first paragraph. Just not due to any safeguards the Obama campaignistration has implemented on its site.

    The Obama campaign processed this donation

    Other than that, good work Sammy.

    Steve57 (c8ac21)

  156. imdw is as dishonest as … well, as ever.

    SPQR (768505)

  157. Check redstate.com.

    Sammy (6181a3)

  158. Check my link; I went to Redstate.com and got it right off their front page.

    Steve57 (c8ac21)

  159. Steve – don’t count on unskew/lemonwetgood/Sammy/imdw to be honest.

    JD (7ddc11)

  160. All that sleuthing with AVS etc.. and it’s this hard to find an article on a blog?

    http://www.redstate.com/2012/10/08/i-donated-to-barack-obama/

    Sammy (ba5211)

  161. No Sammy, but even that one includes the fact that he says he donated “sort of” in the third paragraph and “I didn’t really” in the fifth.

    Really, Really short paragraphs by the way. So you didn’t get far into the piece without him telling you he really didn’t donate to Obama.

    Unless, of course, you want to ignore clues. Clues that are like, dunno, actual statements he didn’t donate. Kinda obvious, really.

    Steve57 (c8ac21)

  162. All that sleuthing with AVS

    Maybe I’m the only one who comments here who’s familiar with a merchant services contract, and with what the credit card companies require. But it really wasn’t all that much sleuthing.

    Card Acceptance Guidelines for Visa Merchants

    The Address Verification Service (AVS)* allows card-absent merchants to
    check a Visa cardholder’s billing address with the card issuer. An AVS request
    includes the billing address (street address and/or zip or postal code). It can be
    transmitted in one of two ways:
    1. As part of an authorization request, or
    2. By itself. AVS checks the address information and provides a result code to
    the merchant that indicates whether the address given by the cardholder matches the address on file with the card issuer.

    …The AVS request can be processed either on a real-time basis or in a batch
    mode using an electronic terminal or personal computer. Real-time requests are
    typically used for transaction situations where the customer must wait online
    for a response. The batch mode is geared more toward lower-cost processing for
    which no immediate response is required as is usually the case with mail orders.

    The card issuer will make an authorization decision separately from the
    AVS request
    and compare the cardholder billing address sent with the
    billing address for that account.

    …While Visa does not recommend any particular approach, the following
    general guidelines are drawn from card-absent industry practices and may be
    helpful. Merchants should establish their own policy regarding the handling of
    transactions based on AVS* result codes.

    …(Contained in spreadsheet: when “No Match” code is returned) You may want to follow up with the cardholder
    before shipping merchandise. …“No match” responses generally result in
    further merchant investigation.

    …AVS result codes and explanation provided here are meant to give you enough
    information to make your own determination of what works best for you.
    How one merchant treats these codes may be different than the way another
    merchant treats the same codes.

    Really, it’s not that hard. AVS is a feature you can use to protect yourself from fraud, but if you’re an on-line merchant you’re not a slave to it. You can ignore the code AVS returns if you wish.

    And so can the Obama campaign, if Big Bird wants to donate again. Which he probably will, since Obama is out to save his government-subsidized butt.

    Steve57 (c8ac21)

  163. There’s a report mentioned in Morning Jolt of Monday October 8, 2012 by the Government Accountability Institute.

    Of the 446 House and Senate members who have an online donation page, 47.3% do not require the three or four digit credit card security number (officially called the Card Verification Value, or the CVV) for Internet contributions.

    The CVV is used by over 90% of all e-commerce operations and nineteen of the twenty largest charities in the United States.

    (They don’t want disputed charges and chargebacks)

    See http://campaignfundingrisks.com/

    Sammy Finkelman (d22d64)

  164. You’re in point of fact a just right webmaster. The web site loading pace is incredible. It sort of feels that you are doing any distinctive trick. Moreover, The contents are masterpiece. you’ve done a fantastic task on this matter!

    FiOS Coupons (6d9340)

  165. Not a too hot webmaster or a too cold webmaster — a just right webmaster! The Goldilocks of webmasters!

    JVW (f5695c)

  166. And FiOS Coupons’ comment is infinitely better than the drivel spewed by Tillman.

    JVW (f5695c)

  167. What isn’t?

    AD-Restore the Republic/Obama Sucks! (b8ab92)

  168. Late note on an old discussion: Pamala Geller of the Atlas Shrugs Blog conducted an investigation of the Obama donors and found evidence of foreign donations. She might be able to re-post her results. Also – Several people might remember when we posted about our experiments with “donations to Obama” on lgf- (back before Charles was possessed by an alien life form- I think this was on that site – it may have been on Ace’s site.. sorry I’m unsure-) People were donating under the names Mickey Mouse and Adolf Hitler with no problems whatsoever. “Gobbels” listed their address, “### Riechstag” donated $10, again no problems with the Obama site.

    GhostOnTheWind (bffd16)

  169. Steve57, well you are not the only one. I spent some time in the corporate counsel’s office of a major card processor…

    SPQR (768505)

  170. I wanted to follow up and let you know how much I appreciated discovering your blog today. I’d personally consider it a great honor to do things at my business office and be able to make use of the tips provided on your website and also engage in visitors’ comments like this. Should a position associated with guest article author become available at your end, you should let me know.

    credit cards to rebuild credit rating (42dac6)


Powered by WordPress.

Page loaded in: 0.8477 secs.