Of the 446 House and Senate members who have an online donation page, 47.3% do not require the three or four digit credit card security number (officially called the Card Verification Value, or the CVV) for Internet contributions.* The CVV is an industry-standard anti-fraud credit card security feature used by over 90% of all e-commerce operations and nineteen of the twenty largest charities in the United States. By not protecting themselves with industry-standard security, larger campaigns pay millions of dollars in extra card processing fees that could otherwise be avoided with the use of the CVV.

• The other industry-standard anti-fraud security feature is the software used to check a donor’s address against the address on file for the credit card. It is unknown whether federal campaigns protect themselves with this cross-referencing software (officially called the Address Verification System, or AVS). Unlike the CVV, it is difficult to tell if and to what degree a website uses the AVS.
• Given the scope of the problem within Congress, the Institute created an interactive 50-state map to allow citizens and journalists to identify which members of Congress lack industry-standard anti-fraud credit card protection on their campaign donation websites. Go to: www.CampaignFundingRisks.com

Third-party political fundraising organizations, such as ActRight and ActBlue, distribute millions of dollars to federal candidates, but lack industry-standard anti-fraud credit card security features to block fraudulent and international donations.

The Institute uncovered and identified an individual who established websites posing as both the Republican and Democratic National Committees. The individual has operated the phony websites for years and has accepted thousands of dollars in “donations.” GAI’s findings were detailed by ABC News.

The Institute discovered multiple Spanish language, foreign websites featuring video links that included embedded advertising directing individuals to the donation solicitation page of then-U.S. Senate candidate Marco Rubio. In addition, Rubio lacked CVV protection, which was corrected in May of 2012. As of this report’s publication date, many of these links are still up and active. This is a potential violation of the Federal Election Commission (FEC) solicitation laws.

Campaigns are not required to disclose donations from individuals who gave less than $200 in a campaign cycle unless the campaign is audited. Furthermore, campaigns do not even need to keep records of those who gave less than $50. Presidential candidates are raising large amounts of money that fall under the $200 threshold and audits are rare unless a campaign accepts federal matching funds. To this date (September 26, 2012), the Romney campaign has raised $58,456,968 and the Obama campaign has raised $271,327,755 in contributions under $200 for the 2012 campaign cycle. In the 2008 presidential elections, the Obama campaign raised $335,139,233 in donations under $200. Neither campaign has accepted federal matching funds nor have ever been audited.

The absence of industry-standard anti-fraud credit card security features render campaigns more vulnerable to so-called “robo-donations.” Robo-donations are large numbers of small, automated donations made through the Internet to evade FEC reporting requirements.

1. The absence of the industry-standard CVV and unknown use of AVS anti-fraud security for online credit card donations.

2. The presence of a branded, major third party-owned website (Obama.com) redirects its 68% foreign traffic to a campaign donation page.

3. Active foreign solicitation using indiscriminate email solicitations and exposure to social media.

• Obama Campaign Lacks the Industry-Standard Level Of Credit Card Security For Donations, But Uses It For Merchandise Purchases: To purchase Obama campaign merchandise, the campaign requires buyers to enter their credit card CVV security code, but does not require the credit card security code to be entered when making an online campaign donation. By GAI’s estimates, the Obama campaign’s failure to utilize industry-standard protections potentially costs the campaign millions in extra processing fees.
• Obama.com Purchased By An Obama Bundler In Shanghai, China With Questionable Business Ties to State-Run Chinese Enterprises: In 2008, Obama.com was purchased by an Obama fundraiser living in Shanghai, China, whose business is heavily dependent on relationships with Chinese state-run television and other state-owned entities.
• 68% Of Traffic To Anonymously Registered Obama.com Is Foreign: According to industry leading web analytics site Markosweb, an anonymously registered redirect site (Obama.com) features 68 % foreign traffic. Starting in December 2011, the site was linked to a specific donation page on the official BarackObama.com campaign website for ten months. The page loaded a tracking number, 634930, into a space on the website labeled “who encouraged you to make this donation.” That tracking number is embedded in the source code for Obama.com and is associated with the Obama Victory Fund. In early September 2012, the page began redirecting to the standard Obama Victory Fund donation page.

Search engine optimization (SEO) efforts, using common spamming techniques, may have been undertaken by unknown third-parties, generating foreign traffic to Obama.com.

* UPDATE: AS OF DECEMBER 21, 2012 A TOTAL OF 438 MEMBERS OF CONGRESS HAVE ACTIVE DONATION PAGES. OF THOSE, 238 (54.3%) HAVE CVV TURNED ON, AND 200 (45.7%) HAVE CVV TURNED OFF.