Now, first of all let me get out of the way that this is not an attack on Mitt Romney or his campaign. This is an “attack” on internet pundits and the tendency of people to simply accept and repeat what they read on the internet, if it fits the narrative they want to believe.
Earlier today a friend of mine on Facebook posted a link to this blog post – Obama Campaign Not Using Verification System – which then references a blog post on Powerline, a well known website for supporters of the US Republican party, titled DUBIOUS DONATIONS ILLUSTRATED (ILLEGAL CONTRIBUTOR EDITION).
The posts take the Obama Presidential Campaign to task for not preventing potentially fraudulent “donations” on their website. My friend expressed disbelief and concern that this was true. Despite not being American (nor living in the US) I take an unhealthy interest in US politics and her post tweaked my interest so I read the first post. The post referred to Powerline’s John Hindraker’s successful attempt to donate to the Obama campaign with a fraudulent name and address. One paragraph stood out to me though, indeed one word (my bolding)-
Trying the same experiment over on the Romney website likely would not work, because the address verification system would determine that there is no “Illegal Contributor” living at the State Penitentiary associated with the credit card.
“Likely“? Wouldn’t it be relatively easy to test? So I did. I went to the Romney campaign website and clicked on the donate link. I put in my credit card number, expiry date, and CCV, and donation of $1. I didn’t put in my own name and address in though. Instead I put in –
Name Steve Jobs
Address 1 Infinite Loop Cupertino, CA 95014
The Romney campaign response?
Followed by a nice email –
Complete with a receipt –
So the Romney campaign happily accepted my donation, a donation from a foreigner, sitting at a computer in Sweden, using a VISA card from a foreign bank account, and using a fake name and address of a dead person.
What was that about rocks and glass houses?
The whole thing is really a beat-up of false outrage. I’ve worked with ecommerce for many years and am familiar with how the systems work. AVS, address verification systems, work by matching numbers in the address registered with the card to the numbers in the address submitted. They’re to help merchants avoid being defrauded and shipping goods or services to someone using a stolen or otherwise unauthorised credit card. In the case of donations there is no such risk of being defrauded. The card holder can submit a claim to their bank and be refunded, no goods have changed hand, nobody loses out. On the other hand, implementing AVS costs money, money that most political campaigns would rather use for other things. The only real reason for them to implement it is to avoid blog posts like these.
PS I’ve emailed the Romney campaign and advised them of the donation and that they should refund it in order not to fall foul of campaign finance laws.
PPS The email, a reply to their donation email and where they suggest corrections be sent … bounced –
Your message did not reach some or all of the intended recipients.
Sent: Mon, 23 Apr 2012 17:41:28 +0200
Subject: RE: Thank you for donating!
The following recipient(s) could not be reached:
Error Type: SMTP
Remote server (22.214.171.124) issued an error.
hMailServer sent: .
Remote server replied: 554 Denied [CS] [b28759f4.0.524876.00-2155.762984.p01c12m003.mxlogic.net] (Mode: normal)
A 554 Denied error likely means their system thought my email reply advising they should give me a refund was considered spam. Sigh.