Archive for October, 2008

New Article Demonstrates Ease of Tracking Donors

Friday, October 31st, 2008

While Obama insists that tracking and disclosing his donor database is too difficult, the respected National Journal demonstrates that this simply isn’t the case in a new article entitled, Common Web Tools Make Tracking Donors Doable.

According to Bank of America, one of the two banks processing Obama’s online donations:

A five-minute phone call to Bank of America’s merchant-services department showed how a campaign could sort transactions to identify the credit cards used in donations.

The campaign could download transaction data from the bank’s Web site and transfer the file into a database, such as Excel, said the Bank of America employee. “Then highlight all your transactions and click your sort button,” the employee said.

The implication is that the Obama campaign could use this reporting to discover those multiple donations conducted by individuals faking names and addresses.

In addition, it was discovered that the Obama campaign does in fact track the IP addresses of donors:

Software code on Obama’s online donations page indicates that the site recognizes the IP address of everyone who gives money. It can be viewed by selecting page source from the “view” menu on most Web browsers. The code for donate.barackobama.com includes an “ip_addr” field, which records the visitor’s IP address.

So we now know that the Obama campaign tracks IP addresses.  Which, of course, begs the question on how foreign  donations are getting through.  And since the front-end AVS fraud filters are turned off why wouldn’t the Obama campaign use the IP information it already collects to help prevent inappropriate foreign donations?  Isn’t this supposed to be the internet generations’s candidate and campaign?!

What else is behind the curtain of the Obama donation website?  Perhaps the good folks at Blue State Digital can shed some light.  BSD provides the Obama campaign with its online fundraising tools and apparently offers online fundraising consulting advice to the campaign as well.  We’d like to know how Blue State Digital advised the Obama campaign on AVS checks, IP filtering and other fraud prevention methods.  Did they recommend AVS fraud be turned off?  Did they recommend best practices and the Obama campaign ignored them?  Unfortunately, Blue State Digital declined to respond to questions from this blog.

Yes, He Can – Slate.com Proves How Easy it is for Obama to Disclose His Donors

Friday, October 31st, 2008

In a previous post, we quoted Obama as stating that disclosing his donor database would essentially be too difficult.  This morning, Slate.com has a headline story that explains how in just a few short hours, they were able to process a similarly sized database.

Barack Obama refuses to release the names of the 2 million-plus people who have given his campaign less than $200. According to campaign officials, it would be too difficult and time-consuming to extract this information from its database.

So how come we were able to do it in a couple hours?

Read it all.  And if this fires you up, please sign the petition to get Obama to disclose his donor records.

Preventing illegal foreign contributions with AVS, BIN#’s and GeoIP filtering

Thursday, October 30th, 2008

While the Obama campaign continues to invite fraud by allowing transactions from outside the US or with credit cards issued from international banks, some readers have asked how easy it would be to prevent these kinds of problems.  The answer is “extremely easy”.

There are two basic approaches to preventing foreign contributions: 1) Preventing transactions on foreign credit cards and 2) preventing transactions from foreign countries

Preventing transactions using a foreign card
This is straightforward, but requires the use of Address Verification System (AVS).  As described elsewhere on this blog, the AVS system returns a series of codes that the merchant can use when deciding to accept a transaction or not.  In addition to verifying the address, the AVS also lets the merchant know if the transaction is international or domestic.  For example a “Code G” signifies that the credit card issuing bank is of non-U.S. origin and does not support AVS.  Recognizing codes like this is standard functionality of most e-commerce solutions.

Alternatively, the Obama campaign could query the BIN number of the credit cards to determine where the cards were issued.  The BIN# or IIN# is used to identify the institution that issued the card.  BIN lists are freely available, even on Wikipedia.

The Obama campaign could argue that by implementing these controls, they might be disenfranchising American citizens living abroad, but this is simply not the case.  The Obama campaign has a separate site to handle contributions from Americans living abroad, which requires a passport number to donate.  They could simply adjust the AVS or BIN # criteria for donors on this site to allow for international cards, while blocking them from the domestic donation site.

Preventing transactions from a foreign country
The second approach, preventing transactions from a foreign country, is also fairly simple to implement.  Companies like MaxMind offer services that provide merchants with a list of known IP addresses in the US, and only allow complying addresses to enter the site.  This software is not perfect, but it has gained fairly broad acceptance and is frequently used in the entertainment industry to protect content from international distribution.  Configuring an Apache web server to support GeoIP filtering is extremely straightforward, and can be implemented with some minor coding on Microsoft servers.  Given the high quality of the Obama site, I imagine implementing this software would not be a challenge for their web team.

It seems to me, that the Obama campaign could use IP filtering to ensure that only American IP addresses can access the domestic donation site, and direct foreign donors to the Americans living abroad site.  This might be a good question for a journalist to ask the Obama campaign – are they using any IP filtering?  It’s easy to set up, it’s cheap, and it’s great at flagging foreign transactions.  If the Obama campaign is not using IP filtering, why not?  Anyone care to ask the Obama camp?  Will the Washington Post?  Will the New York Times?  Anyone?

Obama Says Donor Records “pretty hard to process”

Thursday, October 30th, 2008

Charlie Gibson of ABC just interviewed Obama and asked him why he won’t disclose his donor list.  Obama proceeds to dissemble by claiming that the donor list would be too difficult to process and that the campaign is technically following the letter of the law, never mind the spirit of it:

GIBSON: You’re going to have a half an hour broadcast tonight on a number of the networks. And the expense is not inconsiderable to buy that much time.

OBAMA: Right.

GIBSON: Aren’t you able to buy it only because you broke a promise on campaign financing?

OBAMA: Well, look, there is no doubt that the amount of money that we’ve raised in this campaign has been extraordinary and surprised me as much as anybody — maybe more than anybody. What I would simply point to is that the way we have raised this money has been by expanding the pool of small donors in this country in an unprecedented way.

GIBSON: But you haven’t released their names.

OBAMA: We’ve got…

GIBSON: We don’t know who they are.

OBAMA: Well, look, the — a whole bunch of them were out here today. I mean, you’re looking the people who are giving 5, 10, $25. Ordinary folks who have gotten impassioned about this campaign in a way that is unprecedented. And that, really, is…

GIBSON: Shouldn’t we know the names of that list?

OBAMA: Look, you know, 3.1 million donors would be a pretty hard thing for us to be able to process. And we have done everything that’s been asked of us under the FEC guidelines. These are small donors. They’re ordinary folks. And the idea behind all campaign finance reform is to make sure that the public official is not bought and sold; that that public official is accountable to the public, that they are not subject to undue influence by big special interests in Washington and lobbyists…

Raising money from small donors in an unprecedented way?  That’s an understatement.

Calculating the Potential Impact of Fraudulent Donations

Wednesday, October 29th, 2008

How big of an impact could the Obama campaign credit card donation loophole have in this election? Let’s do some math. Follow along…

The Open Secrets website is a great place to start and allows us to determine the total dollars raised by each campaign as well as the amounts attributed to donations over and under $200.  According to the site, the Obama campaign has raised an astounding $639 million dollars.  $364 million of these dollars came from donations over $200.  The remainder of the donations can be attributed to donations under $200 and is calculated to be ($600M – $364M) = $275M.  So that’s $275 million dollars worth of donations that the Obama campaign is choosing not to disclose.

We also know that two thirds of Obama’s donations have been made online. Now, we take the total number of all donations under $200 (remember, this totals $275 million) and multiply this by two-thirds to calculate the number of undisclosed donations that are highly susceptible to online fraud.  This equates to $181 million dollars worth of online donations that the Obama campaign has deliberately put at risk by turning off online address verification. That’s also $181 million dollars worth of donations that the Obama campaign has chosen not to disclose.

Obama and McCain campaigns by the numbers

Obama and McCain campaigns by the numbers

To give you a sense of scale, this amounts to almost 50% of the total funds the McCain campaign has raised this election cycle!

Obama accepts foreign donations?

Wednesday, October 29th, 2008

A Canadian reader of this site recently donated to the Obama campaign and the donation was accepted. The credit card was issued in Canada and the donation was submitted using a Canadian address on a computer in Canada. Will the Obama campaign refuse this most obvious of foreign donations?  Keep in mind, because this donation used a Canadian address, it doesn’t test the theory of what happens when a foreigner gives a credit card donation with a fake U.S. address.  Stay tuned…

Below is a screenshot from their online banking account showing the donation to Obama for America.  Obama has now taken that money and is free to spend it at will.  Of course, their “back-end verification” may eventually identify this as an illegal contribution and return it, but in the mean time they are receiving an interest free loan from a foreigner that Obama can use on advertising, travel and GOTV expenses.

If there are any other non-U.S. citizens who have successfully given to the Obama campaign, please let  us know so we can report on it.  Send your reports to mike@obamashrugged.com

UPDATE: Morgen at Verum Serum has some interesting findings related to foreign web support for Obama.

Scott Johnson discusses Obama’s credit card fraud problem on Fox News

Wednesday, October 29th, 2008

Fox News had Scott Johnson from Powerline, who broke the story on this scandal, was interviewed on Fox News this morning where he gave an excellent assessment of the problem with the Obama campaign’s treatment of credit card contributions and the utter lack of fraud prevention tools to stop these unlawful contributions.

UPDATE: A reader informed us that it was actually Pamela Geller at Atlas Shrugged who broke the story.

If you are as outraged about this as we are, please sign the petition!

Is the MSM starting to notice?

Wednesday, October 29th, 2008

It looks like the MSM is starting to pick up on the credit card problems inside the Obama campaign.  The Washington Post’s Matthew Mosk wrote a story about Obama Accepting Untraceable Donations that appeared on page A02 of the paper today.  In addition to the credit card problems, Mosk points out that the Obama campaign is also accepting completely untraceable Visa and Mastercard gift cards – something the McCain campaign and the RNC were astonished to hear.

Senator Obama collected nearly $100 million in Internet contributions in September, and with no security and clearly inadequate identity checks, it is even more important that his complete list of donors be released so they can be looked at more carefully.  Don’t let Obama buy this election with questionable money!  Sign the petition today!

Web contributions require new laws

Tuesday, October 28th, 2008

While the mainstream press continues to ignore the audacious decision by the Obama campaign to allow false names and addresses to be submitted with web credit card donations, the San Antonio Express has chimed in with a fair and balanced editorial.

…But the amounts are now so large and the contributions so numerous that even campaigns committed to abiding by finance laws are hard pressed to do so. Anyone intent on circumventing the law can — at least for a while — do so successfully.The game changer has been the Internet. The revolution in Internet fundraising makes it easier for more people to contribute. The historic number of small donors who have given to Barack Obama and John McCain in 2008 reflects this fact.

Obama, in particular, has capitalized on a huge network of online donors, according to media reports.

The Internet also makes it easier for people to game campaign finance regulations. Federal law requires the disclosure of donor information for contributions in excess of $200, capped at $2,300 per candidate for the primary and general election. But if you can make a series of smaller donations under false names, you could potentially donate an unlimited amount and avoid scrutiny.

About half of Obama’s more than $600 million in contributions are less than $200 and do not have to be identified under the law, the Associated Press reported. McCain’s Web site is listing all contributors, including those who gave less than $200, the wire service noted.

There is much that is unprecedented here.  According to the AP, $300 Million of the money Obama has raised does not need to be disclosed to the public because these donations fall under the $200 threshold.  The Obama campaign refuses to disclose this list (unlike the McCain and Clinton campaigns which have offered full disclosure on below $200 donors). And, from what we know, Obama is also the first and only Presidential candidate to turn off fraud checks on his website, thereby creating all sorts of loopholes for campaign finance fraud.   While Obama may be techically obeying the letter of the law, he is certainly violating the spirit of the law.  Why???

Obama Campaign Paid More to Turn AVS Off

Tuesday, October 28th, 2008

Greg at Greg’s Weblog has done some online investigation revealing more evidence that the Obama campaign deliberately disabled address verification on their website for nefarious purposes:

How long ago was that? The information I can find says

MasterCard offers AVS at no additional charge to all merchants who accept U.S. – issued cards.

Then there’s this

A Non-Qualified rate fee is the worst rate possible for processing a credit card. A merchant is charged a non-qualified rate for transactions that the merchant account provider (i.e. the bank) feels are high risk.

The non-qualified rate will be substantially higher than the Qualified and Mid-Qualified Rate.

A merchant is charged a non-qualified rate for credit cards that are processed without Address Verification. A merchant may also experience a non-qualified rate for transactions from foreign countries.

In short, Obama paid more to get AVS turned off.

Update:
Additional research found this:

Address Verification System (AVS): $0 – $0.05 per transaction

The AVS service checks to see that the billing address given by the customer matches the credit card. If you opt not to use AVS, VISA and MasterCard will not support your transactions and will charge you an additional 0.17% to 1.25% on those sales. Most merchant accounts do have an AVS charge, even if it’s bundled with your transaction fee. The AVS service works only with US credit card holders.  Currently, there is no AVS service in place for non-US credit card holders.

Let’s assume Obama got the 0.17% rate increase. His average donation in September was $86. He paid an extra 15 cents on each order, to “save” 5 cents. By disabling AVS, best case is he lost money on every donation > $30.

Big deal? Well, 0.17% of $150 million (his take last month) is $255,000. Having AVS on would have cost, at most, a third of that.

You don’t lose hundreds of thousands of dollars on an “innocent mistake” that you had to work hard to get done.

Crossing the Line to Boost the Bottom Line

Tuesday, October 28th, 2008

In this speech Obama calls for more restrictions on credit card companies and accuses credit card companies of “crossing the line to boost their bottom line”. Ironic, no?

Campaigns, Credit Card Fraud and AVS.

Tuesday, October 28th, 2008

The issue we, as ecommerce professionals, is that the Obama campaign has chosen to disable tools that can help verify that the contributors to his campaign are who they say they are, and are legally allowed to contribute to his campaign.  Why is this important?  In the context of elections, where there are laws that govern who can contribute, and how much they can contribute, these anti-fraud tools can prevent campaigns from accepting contributions that exceed legal limits, or originate overseas.  The McCain campaign has implemented these controls, but the Obama campaign still refuses to do so.

The concern is simple, without adequate checks, it is easy for an individual donor to circumvent campaign fundraising limit of $2300 by making dozens of contributions in the amount of $199 or less and using different names and addresses each time.  Because the contributions are less than $200, they do not need to be reported to the FEC, so the public cannot independently verify the names and addresses of the donors.

An additional concern is that, without the proper checks, a donor from a foreign country can enter a phony US based address, and unlawfully contribute to the Obama campaign.

One tool that the Obama campaign should implement is AVS.  What’s AVS?  Here’s a snip from Wikipedia:

The Address Verification System (AVS) is a system used to verify the identity of the person claiming to own the credit card. The system will check the billing address of the credit card provided by the user with the address on file at the credit card company. The other security features for the credit card include the CVV2 number and the expiration date.

AVS verifies the numeric portions of a cardholders billing address. For example, if your address is 101 Main Street, Highland, CA 92346, AVS will check 101 and 92346. Sometimes AVS checks additional digits such as an apartment number, other times it does not. As a result you may receive false negatives from e-commerce verification systems, which may require manual overrides or reprogramming of the AVS entries by the card issuing bank.

Simply put, the AVS can verify that a donor, at a minimum, is making the contribution from a US based address, with a credit card issued in the US, and make it more difficult a single contributor to violate fundraising laws by using multiple addresses.

Unfortunately, the way the Obama campaign is handling their credit card transactions, AVS will not stop all fraudulent activity.  For example, if a donor’s address was 123 Mockingbird Lane, Anytown 22001, that donor would would still be able to make unlawful contributions by using any phony address that started with “123” and used the zip code “22001”.

Right now, the only way we can make sure that the Obama campaign is not fraudulently accepting contributions though this federal election law loophole is to demand the Obama campaign release the details of these small contributions so we, the people, can verify that they are legal.  Please sign our petition today!

Sign the petition!

Tuesday, October 28th, 2008

Obama claims to be a champion of more transparency in politics and government.   In light of his claim and in light of the fact that both the McCain and Clinton campaigns have opened their donor databases, we immediately request that Obama does the same.  If he has nothing to hide, he will be more than happy to share this information with the public.

Obama Shrugs?

Monday, October 27th, 2008

The authors of this blog are concerned internet professionals who have worked in and around e-commerce and internet marketing for over a decade.  We’ve taken to writing this blog due to the media’s unwillingness to tackle what is potentially one of the largest cases of fundraising fraud in presidential campaign history.  And since this is a topic near and dear to our hearts, we felt like this blog could help shine a bright light on the murky world of Obama’s  online campaign fundraising machine.

Recently, it has become abundantly clear that the Obama campaign has deliberately made it easy for motivated Obama supporters to violate campaign finance law. The Obama campaign has for some reason intentionally deactivated basic credit card fraud filters on its website, thereby allowing contributors give donations with fake names and addresses.  What this has done is essentially create a loophole for folks to circumvent federal election contribution limits (they can give more than $2,300 and nobody will ever know!).  And it creates an added bonus: it is now much easier to give illegal foreign donations as well!

This is not just rumor-mongering.  Several citizens have already tested the Obama campaign website by using purposely incorrect names and addresses.  And the results are in…the Obama campaign has accepted these donations and the respective credit card accounts were charged.  These fraudulent donations were accepted as a direct result of the Obama campaign deliberately turning off the basic fraud checks that are used to verify a credit cardholder’s address. It is almost unheard of for an online merchant to turn off these filters.  Afterall, who wants to ship a product to the wrong address? Today, it remains unclear why the Obama camp turned these filters off.

What are the ramifications? Well, the Obama campaign can accept an almost unlimited amount of money from any contributor by allowing them to repeatedly use false names and addresses with the same credit card for any online credit card donations.  This can also feasibly allow non-US citizens (who are legally prohibited from donating to any US political campaign) to donate to the Obama campaign by simply making up a United States address.   Depressingly, there are few real legal mechanisms to prevent this as the FEC reporting requirements for donations under $200 are minimal and the law hasn’t caught up with regulating these donations online.

To be clear, there is not PROOF that the Obama campaign has received millions of dollars of unethical donations.  But the Obama campaign’s complete disregard for the spirit of the law and the recent findings of donor fraud sure don’t look good.

Given the lazy and confusing reporting the mainstream press has so far offered the public, we feel a compelling need to stay on top of this issue until it is proven that the Obama campaign  did not -and is not- systematically accepting fraudulent donations.

There’s a simple way for the Obama campaign to clear this matter up.  All Obama has to do is simply release his campaign’s donor records (as have the McCain and Clinton campaigns).  If he has nothing to hide, Obama should welcome the request.  Obama talks about how we need more transparency in government, so let’s see him walk the talk.