Comments on: Coleman Web site dropped promise not to store donors’ credit card data

By: Patti Murphy

Patti Murphy — Sun, 15 Mar 2009 15:02:04 +0000

It would seem to me that the bigger story a lot of folks are missing is the fact that the Coleman campaign was in violation of Payment Card Industry (PCI) Data Security Standards (DSS) which specifically require any Web site collecting credit card data engage in specific practices to protect cardholder information.

By: Minnesota Central

Minnesota Central — Sat, 14 Mar 2009 18:42:39 +0000

Let’s ignore the Coleman instance for a second and consider the potentially bigger problem.
There are some important questions that need to be asked :
What company did Coleman hire to collect his donations ?
Did that company perform similar work for others ?
If so, does that company maintain “illegal” information on their databases ?

According to WikiLeak, the information that was contained on Coleman’s files included : Unique ID number, first name, last name, city, state, zip, phone, e-mail, employer, title, type of credit card used, name on card, last four of credit card, CVV2 value of the card, donation amount, authorization code from credit card processor, AVS (address verification) match, and a timestamp.
There is a violation of Minnesota Statute 325E.64 by retaining the card security code data.

If the company maintained this information for the Coleman campaign, was the same information maintained by other campaigns ?
The Coleman incident may have exposed a problem that every political campaign needs to address. Proactively, every campaign that collected monies through credit cards needs to perform an internal investigation and issue a press release if illegal information was maintained.

There is no reason for waiting for the FBI, Secret Service, FEC or MN Attorney General to investigate … campaigns need to be forthright and transparent.

By: News Day: Coleman campaign circus / “Don’t do anything embarrassing” / Water bill / Recount and more « Mary Turck

Fri, 13 Mar 2009 15:15:27 +0000

[...] card numbers and security codes out on the internet for anyone to scoop up; the Coleman campaign violated its own promise to donors not to store their credit card numbers; the Coleman campaign probably violated MN law by not [...]

By: Anonymous

Anonymous — Fri, 13 Mar 2009 03:03:14 +0000

Looks like someone got started with just that: http://file.sunshinepress.org:54445/coleman-webster-ag-2009.pdf

By: eb

eb — Fri, 13 Mar 2009 01:57:44 +0000

The only way to get the FTC involved is for someone to step up and file a complaint.

By: Anonymous

Anonymous — Thu, 12 Mar 2009 23:27:36 +0000

The FTC might want to have a word with Normie. He appears to have been engaged in unfair and deceptive marketing practices per Title V of the FTC Act.

By: mill

mill — Thu, 12 Mar 2009 23:11:09 +0000

What good is a policy if it’s not followed? Reminds me of the “we don’t torture” Bush administration.