Sorry, you’re correct about the CVV, but they could do both scams simultaneously, no? A superficial audit could be responded to with a set of unique legit card numbers as proof of legitimacy, while a software program is generating thousands of bogus contributions that never even hit the credit card companies (seems more likely than someone who wants to donate a $100,000 sitting there and making 500 contributions online). Of course a software program could also be set up to make the 500 legit donations.
I wouldn’t put anything past him. I wonder why all those “campaign finance reform” yahoos haven’t closed this “loop-hole” since 2008?