30 October 2008


Credit Card Payment Expert Explains the Depths of Obama's Fraud

Courtesy of Ace of Spades

(Original Posting Here)

It's amazing to me that I can get experts in the field composing essays to me, but the MSM can't manage to find a single expert to give a quote about this.

Beyond the first paragraph, he recounts his own easy-peasy false-name donation to Obama. That's old stuff you know about. I'm leaving it in because I think this guy wants a unified essay.

After he establishes his bona fides, skip to the bolded asterisk for newer stuff.

Since the media is having such a terribly difficult time of finding experts like this, I can offer his phone number to you to talk to him, on the off-chance you're interested. (And assuming he gives the okay, which presumably he would.)

Because many of our colleagues in the media have failed to investigate the shenanigans of the Obama Campaign, I have taken upon myself to uncover some improprieties. One that has troubled me greatly is Obama's very relaxed donation policies.

I have over 8 years experience working in the payment services industry. By
taking a closer look at Obama's online donation site, I have noticed that
his team has left the door wide open for credit card fraud by not putting in
the security measures to ensure full visa/mastercard authorization
compliance. This is outright irresponsible behavior on the part of Obama's
team and in direct violation of their agreement with Visa/Mastercard.

I did a test on his site. Acting as Joe Stalin, I went onto the Obama site
and donated $5.00. I used false information, address: 100 Red Square,
telephone number 323-666-1953, zip code 10001, Employer: Kremlin
Occupation: Dictator. I did use my valid credit card numbers and expiration
date. The typical security measures, Address Verification System and the
Card Validation Code are not present on the Obama site. So there is nothing
in place to verify who I am. (Please see attachment. [I have his attachment. I see no point in putting it up; we all know Obama's site allows this -- ace.]) I clicked submit. The transaction went through.

Then I went to McCain's site, and entered in the same information. Joe
Stalin. $5.00. As you can see, my donation was rejected for errors.

* What's the big deal? Obama has left the door open for anyone to run prepaid cards and foreign credit cards without proper screening. In addition, it is easy to run multi-transactions on the same card but under different aliases. In other words, an organization like Move On.org could run tens of thousands of transactions for millions of dollars using essentially cards belonging to only handful of very large liberal donors like George Soros, Peter Lewis and Eric Schmidt.

In addition, Obama's site violates his agreement with Visa/Mastercard. Visa Mastercard regulations require each credit card acceptor to "obtain the 3 digit Card Validation Code [CVV2 found on the back of your credit card. 4 digits for American Express Cards] and submit this code with all authorization requests with respect to transactions where the card is not present..." [cite:] Visa/Master Program Guide.

(Please see attachment or go to Obama's site. You will notice that Obama's donation site does not have this code requirement, which is in direct violation of Visa/Mastercard regulations.)

Speculations as to why?

Many foreign credit cards do not have CVV2 codes. Requiring such codes would limit foreign donations.

Secondly, disabling the security allows would be credit card thieves to
"ping" numbers till they get a hit. In other words, a crook could simply
type in random numbers until he found one sequence that worked in some
fashion. That could give a thief a starting point for committing credit-card fraud. If all they had to do was type nonsense values for names and addresses, such as Doodad Pro, they could quickly determine which numbers were valid - and they could probably program bots to do that kind of work.

[I consider this latter point a minor concern, given the fact that most fraudulent donors are willing coconspirators, not credit card thieves. However, it is interesting that Obama invites this sort of fraud, and doesn't take the most elemental step to eliminate it -- indeed, he is in direct violation of Visa/Master Card rules in failing to ask for this code. Why? Because he wants foreign donations, and he's willing to facilitate the occasional credit-card thief to get them. -- ace.]

No Address Verification System (AVS)

The Value of AVS from a credit card exper: I have over 30 years of
experience in investigating Credit Card Fraud and I can tell you, which you
may or may not know, that the merchant acquirer that is conducting the
collection of credit / debit card for the Obama campaign are responsible for
the actions to be taken regarding the Address Verification System responses.
The value of the AVS system is that the issuer of the card being used
provides back to the merchant acquirer a response based upon the information
provided during the authorization process. This response indicates to the
merchant acquirer if the card information was validated as to ownership of the account.
It is the merchant acquirer that determines what to do when
the authorization response is received. In most cases the transaction that
comes back with any negative meaning is denied. However, if the merchant acquirer has adjusted their system to accept any response as acceptable the transaction would be completed.

The value of the AVS system is to deny Card Not Present transactions (CNP)
which are suspicious. This protects the merchant against charge backs for
bad transactions. What is interesting to me is that the merchant acquirer
has knowingly violated a basic CNP fraud prevention technique to accommodate a merchant (Obama Campaign). I think that both the Associations (VISA & MasterCard) would be highly interested in looking at the merchant acquirer that was processing these transactions.
The value of ignoring the AVS
responses is that multiple invalid transactions may be made without fear of being rejected by the authorization systems. This means that the real owner
of the credit card account is willing to allow multiple transactions to be made on the account using different names and addresses that under normal conditions would be denied. The merchant acquirer has a complete listing of all transactions done and it would be very interesting to see how many transactions were conducted on the same account number using different names. I would think that this would be a Federal violation under the current campaign funding laws.

I hope you will take this inquiry seriously. I want a fair election. I do
not want either side to STEAL the election literally. Obama's tactics have
gone too far in my opinion. McCain is doing the honorable thing on his site
and playing by the rules. Obama is in clear violation of the rules. Is
this change we can believe in?

Name withheld, unless he tells me to print it. Helen Jones-Kelley may deem him to have stepped into the public light.

So I'll call him Modus Operandi.

No comments:

About Me

My photo
United States
lucky13flyah64 AT yahoo.com