Ace received communications from professionals that gives us further detail on exactly how it was done..and more importantly, the implications:
Because many of our colleagues in the media have failed to investigate the shenanigans of the Obama Campaign, I have taken upon myself to uncover some improprieties. One that has troubled me greatly is Obama's very relaxed donation policies.
I have over 8 years experience working in the payment services industry. By taking a closer look at Obama's online donation site, I have noticed that his team has left the door wide open for credit card fraud by not putting inthe security measures to ensure full visa/mastercard authorization compliance. This is outright irresponsible behavior on the part of Obama's team and in direct violation of their agreement with Visa/Mastercard.
I did a test on his site. Acting as Joe Stalin, I went onto the Obama site and donated $5.00. I used false information, address: 100 Red Square,telephone number 323-666-1953, zip code 10001, Employer: Kremlin Occupation: Dictator. I did use my valid credit card numbers and
expiration date. The typical security measures, Address Verification System and the Card Validation Code are not present on the Obama site. So there is nothing in place to verify who I am. I clicked submit. The transaction went through.
Then I went to McCain's site, and entered in the same information. Joe Stalin. $5.00. As you can see, my donation was rejected for errors.
* What's the big deal? Obama has left the door open for anyone to run prepaid cards and foreign credit cards without proper screening. In addition, it is easy to run multi-transactions on the same card but under different aliases. In other words, an organization like Move On.org could run tens of thousands of transactions for millions of dollars using essentially cards belonging to only handful of very large liberal donors like George Soros, Peter Lewis and Eric Schmidt.
In addition, Obama's site violates his agreement with Visa/Mastercard. Visa Mastercard regulations require each credit card acceptor to "obtain the 3 digit Card Validation Code [CVV2 found on the back of your credit card. 4 digits for American Express Cards] and submit this code with all authorization requests with respect to transactions where the card is not present..." [cite:] Visa/Master Program Guide.
(Please see attachment or go to Obama's site. You will notice that Obama's donation site does not have this code requirement, which is in direct violation of Visa/Mastercard regulations.)
Speculations as to why?
Many foreign credit cards do not have CVV2 codes. Requiring such codes would limit foreign donations.
Secondly, disabling the security allows would be credit card thieves to"ping" numbers till they get a hit. In other words, a crook could simply type in random numbers until he found one sequence that worked in some fashion. That could give a thief a starting point for committing credit-card fraud. If all they had to do was type nonsense values for names and addresses, such as Doodad Pro, they could quickly determine which numbers were valid - and they could probably program bots to do that kind of work.
No Address Verification System (AVS)
The Value of AVS from a credit card expert: I have over 30 years of experience in investigating Credit Card Fraud and I can tell you, which you may or may not know, that the merchant acquirer that is conducting the collection of credit / debit card for the Obama campaign are responsible for the actions to be taken regarding the Address Verification System responses.The value of the AVS system is that the issuer of the card being used provides back to the merchant
acquirer a response based upon the information provided during the authorization process. This response indicates to the merchant acquirer if the card information was validated as to ownership of the account. It is the merchant acquirer that determines what to do when the authorization response is received. In most cases the transaction that comes back with any negative meaning is denied. However, if the merchant acquirer has adjusted their system to accept any response as acceptable the transaction would be completed.
The value of the AVS system is to deny Card Not Present transactions (CNP)which are suspicious. This protects the merchant against charge backs for bad transactions. What is interesting to me is that the merchant acquirer has knowingly violated a basic CNP fraud prevention technique to accommodate a merchant (Obama Campaign). I think that both the Associations (VISA & MasterCard) would be highly interested in looking at the merchant acquirer that was processing these transactions. The value of ignoring the AVS responses is that multiple invalid transactions may be made without fear of being rejected by the authorization systems. This means that the real owner of the credit card account is willing to allow multiple transactions to be made on the account using different names and addresses that under normal conditions would be denied. The merchant acquirer has a complete listing of all transactions done and it would be very interesting to see how many transactions were conducted on the same account number using different names. I would think that this would be a Federal violation under the current campaign funding laws.
I hope you will take this inquiry seriously. I want a fair election. I do not want either side to STEAL the election literally. Obama's tactics have gone too far in my opinion. McCain is doing the honorable thing on his site and playing by the rules. Obama is in clear violation of the rules. Is this change we can believe in?
Needless to say, the dinosaur media want absolutely no part of this story...an dth eprecedent it's set for future elections, aside from the criminal aspects, is highly toxic for our democracy.