Credit-card experts explain the extent of Obama’s deception

posted at 1:12 pm on October 29, 2008 by Ed Morrissey

After writing twice about the deliberate decision by the Barack Obama campaign to avoid validation checks on credit-card contributions, I’ve heard from a number of people in the credit-card industry on how this works.  Two explanations in particular explain the depth of deliberation and deception involved in disregarding address and security-code verification.  The first explains that Team Obama probably didn’t just opt out of using these verification processes, but more likely rewrote the code on their site to bypass them, emphases mine:

I have over 30 years of experience in investigating Credit Card Fraud and I can tell you, which you may or may not know, that the merchant acquirer that is conducting the collection of credit / debit card for the Obama campaign are responsible for the actions to be taken regarding the Address Verification System responses.  The value of the AVS system is that the issuer of the card being used provides back to the merchant acquirer a response based upon the information provided during the authorization process.  This response indicates to the merchant acquirer if the card information was validated as to ownership of the account.  It is the merchant acquirer that determines what to do when the authorization response is received.  In most cases the transaction that comes back with any negative meaning is denied.  However, if the merchant acquirer has adjusted their system to accept any response as acceptable the transaction would be completed.

The value of the AVS system is to deny Card Not Present transactions (CNP) which are suspicious.  This protects the merchant against charge backs for bad transactions.  What is interesting to me is that the merchant acquirer has knowingly violated a basic CNP fraud prevention technique to accommodate a merchant (Obama Campaign).  I think that both the Associations (VISA & MasterCard) would be highly interested in looking at the merchant acquirer that was processing these transactions.  The value of ignoring the AVS responses is that multiple invalid transactions may be made without fear of being rejected by the authorization systems.  This means that the real owner of the credit card account is willing to allow multiple transactions to be made on the account using different names and addresses that under normal conditions would be denied.  The merchant acquirer has a complete listing of all transactions done and it would be very interesting to see how many transactions were conducted on the same account number using different names.  I would think that this would be a Federal violation under the current campaign funding laws.

Another fraud-prevention veteran notes that Team Obama has at the least provided a testing ground for thieves looking to validate responses:

You may have mentioned this elsewhere, but disabling the security allows would be credit card thieves to “ping” numbers till they get a hit.  The number of “pings” should have raised flags at Visa and MasterCard, don’t you think?

I wonder if they warned the Obama campaign, or worse, ignored it.

In other words, a crook could simply type in random numbers until he found one sequence that worked in some fashion.  That could give a thief a starting point for committing credit-card fraud.  If all they had to do was type nonsense values for names and addresses, such as Doodad Pro, they could quickly determine which numbers were valid — and they could probably program bots to do that kind of work.

Thanks to Team Obama, millions of people now have to wonder whether they’ve been victimized by credit thieves.  Some of us wonder if the thieves aren’t really working at Team Obama in the first place.


Related Posts:

Breaking on Hot Air

Blowback

Note from Hot Air management: This section is for comments from Hot Air's community of registered readers. Please don't assume that Hot Air management agrees with or otherwise endorses any particular comment just because we let it stand. A reminder: Anyone who fails to comply with our terms of use may lose their posting privilege.

Trackbacks/Pings

Trackback URL

Comments

Comment pages: 1 2

By the way…no one has to change any acceptance response codes for this to work. It’s just a loophole in the system. The very nature of prepaids having limited risks makes them very attractive means of payment for customer, merchant, issuer, and acquirer.

Danilo on October 29, 2008 at 2:42 PM

Danilo on October 29, 2008 at 2:27 PM

The real key is the disconnect between Cardholder name, and what the person puts into the field on the donation page.

Its the donation page name field which gets reported to the FEC… and that name is the one used to keep track of doner limits.

Thus you have a disconnect between Card holder name, and doner name. They HAD to disconnect the two databases or the fraud would be too easy to see…

For the FEC to pursue this, it has to VOTE to audit those records, and will then have to go to the Credit Card company and match records. FEC does not have the resources to even START a job that massive, nor does it have the legal power to get the credit card companies records…

FBI needs to be called in for Conspiricy. And Secret Service for International wire fraud… as they are the only ones with the resources and clout to investigate this.

Romeo13 on October 29, 2008 at 2:42 PM

If he gets elected, he’ll make a big show of cleaning up identity fraud with respect to this matter and to voter fraud and voter registration fraud. A microchip should take care of that.

baldilocks on October 29, 2008 at 2:45 PM

A microchip should take care of that.

baldilocks on October 29, 2008 at 2:45 PM

Excellent idea, Appolyon.

Mr_Magoo on October 29, 2008 at 2:47 PM

Mommypundit…there is no legal basis. The only thing they can do is to revamp the entire prepaid card system to include an application to be filled in before purchasing the prepaid card. Even so, who’s going to regulate these applications? When you buy prepaid cards (which are really like gift cards) you wouldn’t want to give your vital identity info everytime. I have four kids. We buy gift cards and prepaid cards like crazy for birthday presents. I wouldn’t buy them if I have to fill in an application every time I buy a $20 giftcard/prepaid visa/mc.

Danilo on October 29, 2008 at 2:48 PM

Romeo…agreed.

Danilo on October 29, 2008 at 2:49 PM

Some of us wonder if the thieves aren’t really working at Team Obama in the first place.

he’s just living what he feels is right. Redistributing other peoples’ wealth.

theguardianii on October 29, 2008 at 2:52 PM

Anyone can go to wikipedia and look up these two pages:

Luhn
List of Bank Identification Numbers

From those 2 sources, anyone with half a brain can figure out credit card numbers that could possibly be valid, then start plugging them in. I don’t know about exp date, in our system that has to match but then we programmed our system to require complete validation, but without AVS to verify, I can see how Obamabots can game the system.

JustTruth101 on October 29, 2008 at 2:52 PM

Danilo at 2:39PM
But isn’t it against the law to give somebody else money to contribute? So whoever bought the pre-paids that end up as campaign contributions would be liable, wouldn’t they?

This person that Mark Steyn says had her (his?) name used as the source of $27,000 of small contributions – would he/she be the only person who could report that to Secret Service, FEC, etc? Could Mark Steyn or any of us report these things?

The thing that really fries me about so much of this is the legal argument that I’m not harmed in any way if somebody steals my country from me. To me as to others – especialy every person in our military, losing this country is worse than losing my own life. If I lost my life my family could sue. So how can they say I have no standing to sue, complain, or any other thing I have to do to defend this nation?

justincase on October 29, 2008 at 2:54 PM

Danilo, your point on giftcards is well taken. However, the point where true cardholders accounts are being used without the permission of the cardholder rises to the level of card fraud. There are many examples of this occurring within this campaign acocunt to mulitple account holders.

Also it is possible to conduct a criminal investigation of the misuse of prepaid accounts as it applies to the violation of the Federal funding laws. While it is true that the use of the prepaid gift cards at the transactional level are not tied to a specific user, unless it is a reloadable product which does require the cardholder information, it can be tied to the original purchaser of the bulk orders that would be necessary to commit this type of broad based funding fraud.

It my recollection that while many giftcard providers provide bulk orders they do track who requests them and where they are sent. In the construction of a large scale operation it would not make sense to purchase giftcards in ones and twos.

While this might be a very lengthy investigation it would at its end be possible to idenfty and take action against those that might have particpated in it. Having conducted many such investigations over the past several decades for both public law enforcement and private fortune 100 card companies I feel pretty confident that a case can be made. It remains to be seen if anyone is interested in pursing this as a complex crimina investigation.

Viking6 on October 29, 2008 at 2:55 PM

Hope that helped. Any questions anyone?

Danilo on October 29, 2008 at 2:27 PM

You betcha! This is how Obama is raking in the money.

Texas Gal on October 29, 2008 at 2:56 PM

Thanks to Team Obama, millions of people now have to wonder whether they’ve been victimized by credit thieves.

Hey, hey, hey.

This is just step 1 of Obama’s redistrubtion plan.
Next Congress will start stealing (more) from the taxpayers.

It’s a wonderful life, man.

VolMagic on October 29, 2008 at 2:57 PM

FBI needs to be called in for Conspiricy. And Secret Service for International wire fraud… as they are the only ones with the resources and clout to investigate this.

Romeo13 on October 29, 2008 at 2:42 PM

>>>>

Can you do that? I wouldn’t know what to tell them. If it’s a matter of having ENOUGH people making a stink about it, I can do whatever I need to, but I’d need to be told what to say because I don’t know the terminology well. How do we normal citizens impact something like this, to make sure these things are investigated?

justincase on October 29, 2008 at 2:58 PM

This is such an appalling disgrace.

CP on October 29, 2008 at 2:59 PM

Justincase, I’m not a lawyer, but it makes sense to me that I have no control over what a recipient of my prepaid card decides to purchase with the card. Besides, if the cards where purchased with cash or other prepaid cards, there really is no way to trace it.

Danilo on October 29, 2008 at 2:59 PM

It remains to be seen if anyone is interested in pursing this as a complex crimina investigation.

Viking6 on October 29, 2008 at 2:55 PM

>>>>

Name some names. Who should be pursuing it? And how can we get them to do it?

justincase on October 29, 2008 at 3:00 PM

RICO

JustTruth101 on October 29, 2008 at 3:03 PM

Danilo on October 29, 2008 at 2:59 PM

I would think if somebody bought in bulk, like Viking6 talked about, it would indicate intent to do something anonymously, unless there’s another verifiable reason for it. It reminds me of the thing with Norman Hsu bundling large contributions from people who lived in shacks.

I bet George Soros has his filthy hands in here somewhere, the only difficulty is finding exactly where.

justincase on October 29, 2008 at 3:03 PM

justincase, I’d be willing to ante-up and double your bet.

Danilo on October 29, 2008 at 3:07 PM

Somewhere there’s an email or blog post, that spread the word to Obama supporters around the world about the lax credit card verification process. I’m sure the original intent was to skirt three provisions of federal election finance laws: restricting foreign funding, a $2300 cap on donations from any one donor, and having to report only the donations that are > $200.

Still, the effort will only work if potential donors are clued in to the scheme. We need to find that smoking gun.

A commercial website that accepts credit cards has a vested interest in preventing fraud because actual goods can be stolen. An election campaign, though, isn’t selling anything, so in lieu of ethical and legal restraints the worst that can happen if they use lax standards is that they’ll get some bogus donations. It would be interesting to compare the Obama donation web site to their commerce site selling Obama campaign paraphernalia. I bet if you try to by an Obama t-shirt or bumper sticker with a credit card, they use AVS and check names against account numbers.

rokemronnie on October 29, 2008 at 3:18 PM

rokemronnie on October 29, 2008 at 3:18 PM

Somebody should test that and see. If the standards are different it would definitely signal fraudulent intent. If it was really about removing obstacles, they certainly would want to remove obstacles from somebody getting Obama campaign paraphernalia also.

justincase on October 29, 2008 at 3:23 PM

justincase

We are currently speculating about the potential misuse of transaction cards (be they credit/debit/prepaid) for illict purposes it would first be helpful to have concrete examples of those illegal acts.

No Public Law Enforcement agency, local, state or federal, will take a case based upon speculation. There must be hard evidence of the illict act. I know that this is not what we want but it is the truth.

However, I would suggest that direct calls to our local Congressional Representative and or the Federal Election Commission outlining these concerns would be the start of crating an issue that would have to be investigted. The level of concern by these groups is generally governed by the number of complaints received and the complexity of the investigation that might be needed.

If the merchant bank was known it would be interesting to contact them with these issues. Also if the bank is known sending direct inquiries to Visa and MasterCard might provoke some response.

I know that this is not exactly what you are looking for but it is reality.

Viking6 on October 29, 2008 at 3:31 PM

OT: African Press International chief editor Koriri says Obama’s campaign has offered them 3 million dollars to back out of their deal with Fox News to have Fox air the Michelle Obama tape. He’s reporting the bribe attempt to the American Embassy in Oslo and providing evidence for them to investigate.

http://africanpress.wordpress.com/2008/10/29/news-flash-obamas-campaign-manager-offers-3-million-dollars-to-api-in-connection-with-michelle-obama-tape-planned-to-be-aired-by-fox-news-network/

justincase on October 29, 2008 at 3:32 PM

If he gets elected, he’ll make a big show of cleaning up identity fraud with respect to this matter and to voter fraud and voter registration fraud. A microchip should take care of that.

baldilocks on October 29, 2008 at 2:45 PM

In the hand or in the forehead you say?

- The Cat

MirCat on October 29, 2008 at 4:02 PM

Just a thought:

I went to Yahoo Buzz to see the top political stories and the only “top story” with more Buzzup’s than this post was an article about Obama being ahead or tied in battleground states. The rest of the front page had buzzup’ of 3, 8, 22, 23, and 69. Are Hotair posts being given the thumbs down in mass to get them off of the front page? This particular post should be on the front page. What gives?

Theworldisnotenough on October 29, 2008 at 4:11 PM

An innocent explanation would be for multiple people in a household to want to donate using the same card.

shirgall on October 29, 2008 at 4:12 PM

Ace has a post about a former ACORN employee who has testified that Obama’s campaign gave their donor list to ACORN/Project Vote. Her job was to find donors who had maxed out and have them donate to ACORN instead. This gal was disgruntled because she was misusing her ACORN credit card and didn’t get away with it like the brother of ACORN’s founder got away with embezzling a million from ACORN.

Anyway, I wonder how many of these credit card donations using other people’s names actually come from ACORN credit cards. That would be another way to launder money from people already maxed out for FEC purposes.

justincase on October 29, 2008 at 4:18 PM

An innocent explanation would be for multiple people in a household to want to donate using the same card.

shirgall on October 29, 2008 at 4:12 PM

Um, which would be illegal. You can’t give money in your kids name. Husband and Wife would have different names on the cards…

And that still would not explain why you turn off checking the address and such…

Romeo13 on October 29, 2008 at 4:42 PM

Are Hotair posts being given the thumbs down in mass to get them off of the front page? This particular post should be on the front page. What gives?

Theworldisnotenough on October 29, 2008 at 4:11 PM

Just like the Diggbats, liberal nerd losers dominate sites like that, which is why I don’t participate in it. A Crazy leftist with no real job and 100 different accounts will merely give 100 thumbs downs to anything that doesn’t fit his leanings.

BKennedy on October 29, 2008 at 4:43 PM

Listening to C-SPAN this morning, a caller (on the dem line of course) said he believed 0bama was qualified to be POTUS based on the campaign he’s run.

I say yikes!

4shoes on October 29, 2008 at 4:49 PM

You published this in Slate? Awesome!

Tzetzes on October 29, 2008 at 6:15 PM

Fox Business channel has been discussing this every hour on the hour since this afternoon.

Domino on October 29, 2008 at 7:31 PM

What I have noticed is that it is mostly, almost exclusively, the MSM that, with their pseudo polls with skewing and slanting, have been suggesting that Barack Obama might win.

However, much to the contrary, and given that of the 12% Blacks in America — an estimated less than 5% will vote for Obama (less than 14 million Black adult voters in a country of more than 305 million!) — McCain has a better than most chance to win big time on next Tuesday.

Over the last several months, we have learned that Obama is a radical, repugnant, and incessant liar. Obama is a thug much like the many, many “friends” and “mentors” he hangs with — Rezko, Farrakhan, Rev. Wright, Khalidi, communist Frank Marshall David and others. Now we learn that Obama is definitively a socialist and extremist leftist. Obama gets upset when TV hosts point this out — why? — because it’s the truth. Barack Hussein Obama is a loser.

The tens of millions, and more, voters that have learned the ugly truths about Barack Obama are NOT going to vote for him. They will defeat Obama.

Obamalies or Lies Obama Tells:
http://www.nextgenerationcorp.com/NextGenBlog/?p=73

The best hope we have for our economy, our military, our health, and our freedom is to vote for John McCain — honorable, with integrity, and a true patriot.

God Bless America.

AdrianS on October 29, 2008 at 8:12 PM

If you were an enemy of the U.S. and could easily flood massive amounts of money to the candidate you wanted in office why wouldn’t you do it? If you could decide the who the President of the U.S. is wouldn’t you do it?

If the U.S. (or England or France) could fund (without being caught) the opposition leader to run for election in Iran or Russia or Venezuela or where ever wouldn’t they do it? Of course.

So why wouldn’t Iran or Russia or Venezuela or Cuba or China be doing this in the U.S. Presidential election? What if all these questionable hundreds of millions of Obama donations are coming from Iran or Russia or China or other unfriendly country?
Doesn’t the CIA or State Department or President even think of these possibilities and investigate?

albill on October 29, 2008 at 1:41 PM

Absolutely possible. The USA did it in Italy for years after WW2 and in Chile in 64 & 70 election just to name two incidents. So why can’t someone do it to us? Especially knowing gift cards are the unknown factor. Hard would it be for a country to buy 1000′s of $175 gift cards and have a center set up to enter “donations” into the system.

Sorry to be a conspiracy “nut” but I think I have more standing than a 9/11 truther!

VikingGoneWild on October 30, 2008 at 11:32 AM

The irony is that now we know how the system works, if a conservative tried it, they would be skewered. And even if they don’t try it, they will be accused of it.
The dems create voter fraud, then accuse others…

right2bright on October 30, 2008 at 12:10 PM

A blog has a post up revealing the html code from Obama’s donation site and it shows that the campaign is substituting a fake IP Address for the actual donor IP Address to cover the trail of the donors who are pulling possible major scams of pushing through tons of money for fake donors all on a common credit card loaded up by some big bucks backer.

CommentGuy on October 31, 2008 at 11:41 AM

The credit card companies are all located in Delaware.

Biden’s state.

Biden’s endorsement got the stupid bankruptcy bill through that exempted CCs.

Payback time.

wordwarp on October 31, 2008 at 8:44 PM

The credit card companies need to report ALL cases where more than one donation has been made from the same card.

However, we only need to publicize the cases with more than 100 donations from a single card. That alone would get very interesting. Too bad this didn’t come up earlier.

Pythagoras on October 31, 2008 at 10:28 PM

Mommypundit…there is no legal basis. The only thing they can do is to revamp the entire prepaid card system to include an application to be filled in before purchasing the prepaid card. Even so, who’s going to regulate these applications? When you buy prepaid cards (which are really like gift cards) you wouldn’t want to give your vital identity info everytime. I have four kids. We buy gift cards and prepaid cards like crazy for birthday presents. I wouldn’t buy them if I have to fill in an application every time I buy a $20 giftcard/prepaid visa/mc.

There is so much more going on here than you simply not buying a gift card. (By the way…who cares?)

The Obama campaign (and probably Bambi himself) are fully aware of what they are going. When I buy online these days, I am ALWAYS asked for the security code on the reverse of the card. ALWAYS. And if I misspell my name by a single letter, the transaction is denied. ALWAYS. And if I do not give an accurate billing address, the transaction is denied. ALWAYS.

And if the merchant wants to be ultra careful, the ship to address and bill to address must be the same. (Of course, this is not relevant with donations, but the idea is that a merchant can exercise as much or as little care as his is willing to risk.)

Under federal campaign finance rules, the candidate is required to exercise care in accepting donations, and do their best to prevent illegal donations. This is why candidates are prohibited from taking large sums in cash. And why records must be kept of donors and employers and amounts and so forth.

Clearly, by disabling verification checks on credit card transactions, and engaging in untracable, unverifiable transactions (like accepting pre-paid cards or gift card donations…which are the same as cash), Obama is knowingly engaging in conduct calculated to result in huge amounts of unverificable donations and unattributable donations.

No rocket science needed here.

Just a few more filled jail cells.

seanrobins on October 31, 2008 at 10:55 PM

I get it! Mohamed Q Money Banks can acquire, oh say, a couple hundred thousand credit card numbers for distribution to indiscriminate “community organizers” and they go about making multitudes of transactions to benefit Barry O.

That violates which, and how many federal election laws?

Greg the Californian on November 1, 2008 at 12:23 AM

Comment pages: 1 2