Wednesday, October 29, 2008

Massive wire fraud by Obama's campaign?

I sent this to the Washington Post and the NY Times today in response to a story in the Post about the Obama campaign's collection of monies from credit cards. It appears the Obama campaign is breaking laws left and right on this.

The Washington Post story, "Obama Accepting Untraceable Donations," is found at:

Pass this on to your friends, email lists, and blogs. The address for this article is:

To get all that appears in Reading Between the Lines, go to the home page at:

Link! Link! Link!


Here is the email:

In your story today, it was stated by the Obama campaign that there is no way to verify a person's name using a credit card. The quote from the story is:

"When asked whether the campaign takes steps to verify whether a donor's name matches the name on the credit card used to make a payment, Obama's campaign replied in an e-mail: "Name-matching is not a standard check conducted or made available in the credit card processing industry. We believe Visa and MasterCard do not even have the ability to do this."

That is not true.

To verify a credit card holders name, the merchant (in this case the campaign) uses a collections web site page to punch in the credit card number, and then a code that the merchant does not have the card in-hand. The credit card terminal then asks for:

1) The digits of the person's address (I live at 3625 De Loach St., so the merchant punches in "3625"). The web page collects that as part of the donation process.

2) The digits of the person's zip code. Again, the web page collects this.

3) The 3-digit CCI code (4 for AmEx) on the back of the card. Broken record: The web page collects this to correlate the credit card account number with the CCI code, thus validating it is the correct account number.

4) The invoice number; in this case a contribution tracking number. The web page generates this when the donor hits the submit button.

5) The amount of the purchase; in this case, the amount of the contribution. The donor fills in the amount on the web page.

If everything does not match up, the credit card is rejected.

In the case you cited of Ms. Biskup, had the Obama campaign set-up their credit card processing to honestly confirm the giver is who he or she says he or she is, they would have set up their donation page to collect all that information - just as hundreds of thousands of other web merchants do every day.

The credit card processing computer would have thrown out all the donations placed in Ms. Biskup's name because the fraudulent credit card holder would lack, at the least, the CCI code, and unless there was a sophisticated identity theft, the fraudulent donor would also lack the home address digits and the zip code.

Even if the fraudulent donor had the address information, and the zip code, and the CCI, the Obama processors would have stopped taking donations when the legal limit was reached because it has to be attributed to a specific name and address, and in the example you gave in the story, the name would have come up in the Obama database as over the limit.

In the case of pre-paid credit cards, the name prohibition remains in place. It is nothing for today's financial databases to cross-reference a name and a donation. When the legal limit was reached, the database would reject any further donations from that name.

The truth is that there are safeguards in place to avoid credit card fraud, and these are meant to protect consumers from fraudulent merchants who attribute false sales to them, as much as protect merchants from fraudulent consumers. What the Obama campaign told you is not true.

I own a computer manufacturing company, and have database experts who can comment on the story. I also can put you in touch with Merchant Services for Visa and MasterCard who can discuss the security arrangements in place to handle these issues. I am available to talk with you about this.

Kenneth E. Lamb

Another thought I had while re-reading the post is this:

Each of the credit card transactions that had a fraudulent name, or address, or whatever else that was fraudulent, has to go back to the bank in the form of "charge-backs." If it's not an honest representation of who made the donation, it is by definition fraudulent.

A charge-back is when the bank goes into your account, and "charges back" to itself the amount of money that would not have been placed into the account if the bank knew about the fraudulent representations at the time the campaign made a "claim" for the credit card deposit.

What complicates this for the Obama campaign is this: a deposit from the credit cards by the bank to your account is really a form of a loan - you get the money, but it's yours to use so long as nothing comes up later to cause the charge-back to kick into effect. It's in the service agreement with the credit card processing agent.

In this case, we have massive - and I feel doubtless - criminal credit card fraud. The Obama campaign took money it had the ability to know it had no legal right to accept. Now watch how this turns into a form of bank fraud called wire fraud. (In this case "wire" fraud because it is fraud using communications lines to commit the fraud.)

Take the $275,000 that the Post story said is attributed to Ms. Biskup on Obama's campaign donations report. Leaving aside the obvious question of how that number got by the campaign's finance operation, it is reasonable for the banks to now charge-back against the campaign the money it "lent" to the campaign in the form of credit card deposits. The name attributed to the transaction is fraudulent, making the transaction itself fraudulent.

Put another way, if the campaign could not identify the card owner - which I've shown is not true - then the campaign should have declined the transaction. It is the merchant's obligation to verify who is making the charge. That is the reason for capturing all the information I outlined earlier. Instead, it processed the transactions with a reckless disregard for the truth.

The inability of the campaign to repay those charge-backs constitutes a form of borrowing - fraudulently - by the campaign. It took a loan from the bank it has no way to repay. It defrauded the bank out of its money.

On top of that, the potential charge-backs represent an interest-free loan. The Obama campaign couldn't help but know that if caught, it would have to repay the charge-backs, but in the time between the deposits into the campaign account, and the repayment to the bank, the campaign is getting an interest-free loan. Is that legal?

I doubt it.

But more important than anything else is what it says about the integrity of the Obama campaign and Obama himself. These people are criminals, plain and simple.

Add a few thousand charges of wire fraud to the list of Obama's "changes" for America.

1 comment:

Tom Mahoney said...

Mr. Lamb;

I've been seeing these reports in the blogosphere for about two weeks now. Yours is the first reference to the mainstream media running with it. Let me preface my remaining comments by saying that I am neither a Democrat nor a Republican so I have no political ax to grind. To be honest, I think both candidates are a danger to what's left of our country.

Your email to the Washington Post and NYT was right on target except that I'd change your "That is not true" statement to "That is an outright lie." I can't imagine for a minute that they really don't believe the card companies have the ability to do fraud checking. Of course they do. They've even automated it. I certainly have some doubts over the accuracy of the systems (and have accumulated a good bit of proof) but they do exist.

I would, however, respectfully question some of the points that you made in your "other thoughts."

I can't really comment on the issue of campaign funding laws. It's not my area but if they are required to keep track of donor's information then clearly, they aren't doing it.

Wire fraud? Again, not my area, but it would seem to me that unless the points of law can relate to committing campaign funding fraud to the wire transactions, there would be no offense. I say this because I'm not seeing anywhere in these stories that the Obama camp is violating any laws related to credit card payments.

The fact is that although the card companies do provide fraud fighting tools in the form of AVS and CCV, there is no requirement for an on-line merchant to use them. I'm quite familiar with numerous official documents, in particular the Rules for Visa Merchants and MasterCard's Merchant Rules Manual. Merchants are "encouraged" to use fraud prevention tools but not required to do so. And any merchant that doesn't use them, along with other third party fraud detection offerings, is just plain foolish. The on-line merchant eats the losses. Always. No exceptions.

But... By not doing even the basic fraud checking, they open the door for fraud to happen. Since the bad guys get nothing in the way of goods for their own use or to turn over for quick cash, I doubt that they are beating a path to the website. On the other hand I'd be willing to bet that more than a few fraudsters out there have used stolen card information on the Obama site if for no other purpose than to test the card information to see if it's valid. It's those guys that are committing the fraud, not the campaign.

The good news is that the real card holders who have been 'donating' without their knowledge will be able to contact the card issuer and start the chargeback procedure. Since the folks at campaign headquarters had all the fraud checking turned off, they don't have a chance of reversing those chargebacks. They'll loose the donations and pay between $15 and $30 in chargeback fees for every transaction. Due to the billing cycles and the reporting delays, the campaign probably hasn't seen much of this yet. It could get interesting when they do.

What concerns me more than all that is the recent press from Europe reporting that there more than a little evidence to tie Al-Qaeda to recent credit and debit card fraud. See my blog post at Can Al-Qaeda get some quick cash from this - no. Is it a cause for concern - you bet.

Tom Mahoney, Director
3800 E-commerce merchants united to protect against credit card fraud