Via Bryan Preston, your must-see clip of the day. But before you watch, re-read Ed’s posts from October 26 and October 29 of 2008. This isn’t the first time AVS protections have mysteriously disappeared from Team Hopenchange’s donations page, and it’s not just the missing security-code field that got them in trouble in 2008. Remember how they made a point of accepting money from untraceable prepaid credit cards then too? WaPo raised an eyebrow at the time:
Sen. Barack Obama’s presidential campaign is allowing donors to use largely untraceable prepaid credit cards that could potentially be used to evade limits on how much an individual is legally allowed to give or to mask a contributor’s identity, campaign officials confirmed.
Faced with a huge influx of donations over the Internet, the campaign has also chosen not to use basic security measures to prevent potentially illegal or anonymous contributions from flowing into its accounts, aides acknowledged. Instead, the campaign is scrutinizing its books for improper donations after the money has been deposited…
When asked whether the campaign takes steps to verify whether a donor’s name matches the name on the credit card used to make a payment, Obama’s campaign replied in an e-mail: “Name-matching is not a standard check conducted or made available in the credit card processing industry. We believe Visa and MasterCard do not even have the ability to do this…
Juan Proaño, whose technology firm handled online contributions for John Edwards’s presidential primary campaign, and for John F. Kerry’s presidential campaign and the Democratic National Committee in 2004, said it is possible to require donors’ names and addresses to match those on their credit card accounts. But, he said, some campaigns are reluctant to impose that extra layer of security.
Republican Patrick Ruffini tested Obama’s AVS procedures at the time, attempting to donate five dollars by providing an address different from the one linked to the credit card he used. Result: Transaction accepted. Said Ruffini, who worked on online organizing for Bush’s campaign, “The ability to contribute with a false address, when the technology to prevent it not only exists but comes standard, is a green light for fraud.” Note the part too about AVS protections being “standard.” Mark Steyn checked the prefab template for his own little web store at the time and found that the defaults were all set for maximum verification. To make the system as lax as it was — and apparently still is — at BarackObama.com, you had to deliberately weaken its security checks. Which, per the staff’s own admission to WaPo, they did.
I recommend re-reading that old WaPo piece in its entirety as it cites the case of a retired insurance manager whose name had been stolen to donate $174,800 to Obama. In reality, the manager had never donated a cent. Team O claims that they catch all this stuff on the back end when they review the names and donations to look for suspicious activity, which is easy to do when the phony contribution came from “Bart Simpson” but not so easy to do when it came from “Paul Smith” or some other generic yet plausible (and possibly stolen) name. In fact, the end result of all this nonsense was an FEC discretionary review (i.e. audit) of the campaign. You would think, after that, that they’d do everything by the book this time. But when your fundraising’s going worse than expected, maybe your priorities change — assuming anti-fraud priorities were ever there to begin with.
Exit question: Should we be worried that these same guys are pioneering new ways to donate electronically?