Mainstream media catching on to illegal Obama donations

Web site transaction security stuff has been standard operating procedures for years at just about every e-commerce site in business – except for the Obama campaign donation site. Late last week I tested both the McCain and Obama sites by trying to send $10 to each campaign using a real credit card number and expiration date, but everything else was fake.

Today, the Washington Post is catching on.

After prodding from myself. Vicevich, Powerline, LGF, Hot Air, Malkin and many others, the Washington Post has picked up the story in Obama Accepting Untraceable Donations.

Sen. Barack Obama’s presidential campaign is allowing donors to use largely untraceable prepaid credit cards that could potentially be used to evade limits on how much an individual is legally allowed to give or to mask a contributor’s identity, campaign officials confirmed. …

In recent weeks, questionable contributions have created headaches for Obama’s accounting team as it has tried to explain why campaign finance filings have included itemized donations from individuals using fake names, such as Es Esh or Doodad Pro. Those revelations prompted conservative bloggers to further test Obama’s finance vetting by giving money using the kind of prepaid cards that can be bought at a drugstore and cannot be traced to a donor. …

The problem with such cards, campaign finance lawyers said, is that they make it impossible to tell whether foreign nationals, donors who have exceeded the limits, government contractors or others who are barred from giving to a federal campaign are making contributions.

This is good reporting concerning the prepaid credit cards that are untraceable, but it still does not cover all of the problems with the Obama system.

If they simply put in the same security measures that the McCain site has, most of the problem donations could have been completely avoided. McCain is not asking for a CVC number, but they do have other security checks in place. (I proved it)

Obama’s site is not doing any of the following.

  • Requiring a CVC number with every transaction.
  • Requiring that the last name on the card matches the last name on the Web donation form.
  • Requiring that the zip code for the cards billing address matches the zip code on the Web donation form.

Next, Obama’s camp is going to complain that donations were coming in so fast, that they had to turn off the security checks to keep the site from crashing or being too slow. Bull.

Maybe if Obama had kept his promise to only stick with public financing, he would not have any issues.

The CNN anchor [Campbell Brown] then reminded her viewers of Obama’s public financing promise: “One year ago, he made a promise. He pledged to accept public financing, to work with the Republican nominee to ensure that they both operated within those limits. And then it became clear to Senator Obama and his campaign that he was going to be able to raise on his own far more cash than he would get with public financing. So, Obama went back on his word. He broke his promise…”

4 replies
  1. Ron Robinson
    Ron Robinson says:

    This is a very sobering indictment especially since most ecommerce software has several checks (such as Billing ZIP check and CVV check) turned ON by default when solutions are newly installed.   Web site/revenue managers would have to make a conscious decision that they want these checks turned off and would have to change software settings (pretty easy) to do so.
    For 15 years, I have developed secure card processing software for a major shopping cart processor.  Since we offer a free secure shopping cart, we have a lot of experience with new and inexperienced merchants processing credit cards for the first time.  I can tell you this: it’s not a case of ignorance or naïveté, especially since this credit card security issue has been so widely discussed online, and we have many proofs that this administration is highly aware of critical discussions taking place in the blogosphere. 
    Doing what we’ve observed does not require a special arrangement or a conspiracy with the credit card companies:  any tiny merchant on the internet could do the same, even with Paypal.  After 60 or 90 days, the credit card company would want to have a ‘serious’ conversation with you, but all you would have to do is promise remedial action and you can continue merrily on your way without getting serious about remediation.
    The more serious issue is compliance with FEC regulations and federal campaign law – it’s very obvious that the campaign was actively trying to solicit foreign contributions (illegal) when you visit pages like: where the activist controls on the site even report to everyone how much foreign activist fundraising has taken place in the Paris group.  Since most of the page is in French, I seriously doubt that all of the $39,000+ was raised by citizen expatriates in Paris.  The common billing address check and a simple SQL query would have prevented so many foreign contributions.
    My exit question is this:  if this activity is what we observed prior to the election, if this candidate was so careless with common checks that most merchants use, what kind of care and diligence can we expect when this guy has his hands on the US budget?
    Ron Robinson

Comments are closed.