Finding the Threshold Of the Obama Campaign's Anti-Fraud Measures
If it exists at all, one has to plumb pretty deep to find it.
I went to the Obama campaign website and entered the following:
Name: John Galt
Address: 1957 Ayn Rand Lane
City: Galts Gulch
Then I checked the box next to $15 and entered my actual credit card number and expiration date (it didn't ask for the 3-didgit code on the back of the card) and it took me to the next page and... "Your donation has been processed. Thank you for your generous gift."
This simply should not, and could not, happen in any business or any campaign that is honestly trying to vet it's donors.
The same ["John Galt"] claims to have tried to donate the same way on McCain’s website and had his card rejected.
Reader “Dale in Atlanta” says he tried it with a fake name and the transaction showed up on his credit card immediately — but marked “pending.” We’ll find out later today if it clears.
Further to my post below about the Obama campaign intentionally disabling security checks for their credit card donations, several readers have wandered over to the site to test it out. One was accepted with the following details:
Name: JarackBoe BOamabiden
Address: 2345 Fak Addrss Lane
The only query he got back was to ask him if he didn't want to give more money.
You'd think a diligent New York Times reporter might want to check out this thing. After all, most of them have already been over there to make their own donations, so it's not like they don't know the URL.
[UPDATE: And another - a $15 donation from:
Name: Della Ware
Address: 12345 No Way
Far Far Away, DE 78954
Employer: Americans Against Obama
Frankly, its easier than I'd believe to do this. Courtesy of my (real) CC number and expiration date, the Obama campaign has just received a $19.45 donation from mister Adolf Hitler, whose occupation is "Dictator" at the company "National Socialist Party of Ger" (I got cut off). I captured screenshots to prove this.
No verification required. The listed address wasn't even close to my real address.
And finally, me, just now, with the following data:
Name: Nodda Realperson
Address: 1000 This Is a Bogus Street
City/State: Neighborhood of Makebelieve, CA
Employer: Barack Obama
Occupation: Cow-Eyed Disciple
The debit transaction (of $5) processed at my account within 90 seconds.
What robust security! Aren't you reassured knowing that Obama's $250 million or so in small-dollar donations that will never see the light of FEC disclosure are so painstakingly vetted?
To clarify, via an AoS commenter, this appears to be deliberate:
"Having worked for companies that process credit cards online, it is necessary to go through and manually disable the safeguards that they put in place to verify a person's address and zip code with the cardholder's bank."
Update: At 1:47 pm, Steyn posted an update:
NR reader "Borat Oblama" writes:
I tried to donate $5 in the name of "Borat Oblama" from "Madeuptown, USA", using a legit credit card number, and got a screen saying the card didn't match the address.
Apparently they've been shamed into reinstating the security checks.
Pity we didn't figure this out in August
My glaringly fake transaction went through more than 15 minutes after that update, so security is most assuredly not reinstated.
Update: Patrick Ruffini (having also just contributed $5) has more on the very standard security measures Obama had to eschew in order to make his site so porous to excessive, foreign, and otherwise fraudulent contributions.
The issue centers around the Address Verification Service (or AVS) that credit card processors use to sniff out phony transactions. I was able to contribute money using an address other than the one on file with my bank account (I used an address I control, just not the one on my account), showing that the Obama campaign deliberately disabled AVS for its online donors.
AVS is generally the first line of defense against credit card fraud online. AVS ensures that not only is your credit card number accurate, but the street address you've submitted with a transaction matches the one on file with your bank.
Authorize.net, the largest credit card gateway provider in the country, lists AVS as a "Standard Transaction Security Setting," recommends merchants use it, and turns it on by default. So, in order for AVS to be turned off, it has to be intentional, at least with Authorize.net.
Handcrafted by Flip on October 23, 2008 |
TrackBack URL for this entry:
Listed below are links to weblogs that reference Finding the Threshold Of the Obama Campaign's Anti-Fraud Measures:
» Criminal Obama Campaign Reinstates Disabled Security Measures As People Take Notice of the CrimeUpdated: Not Reinstated? from Ace of Spades HQ
Now they've turned the security system back on. Just switched it on. Took one minute. Gee, why was it off all this time? It seemed they were able to turn it on in a second, the moment they got caught.... [Read More]
Tracked on Oct 23, 2008 2:16:45 PM
» Obamas Newest Donor: John Galt; Updated from The American Pundit
UpdateX4: Maybe you should forget that last update. According to Allahpundit, blogger Suitably Flip just successfully donated with the following information: Name: Nodda Realperson Address: 1000 This Is a Bogus Street City/State: Neighborhood of Makebe... [Read More]
Tracked on Oct 23, 2008 2:23:21 PM
» Obama Campaign Finance Fraud from Right Voices
MEDIA REFUSING TO REPORT, INSISTS CONTRIBUTIONS ARE REAL DESPITE OCT. 9 NYT REPORT NOTING FICTITIOUS CONTRIBUTORS This story is getting some notice. Mark Steyn cautions, though: Stop donating just to test it out. Its clear its d... [Read More]
Tracked on Oct 23, 2008 4:18:10 PM