Just to be sure...
On your Failure - Info incorrect use case, where the: User is presented with an Error screen, informing them that there was a problem processing their donation and to please check the information they entered.
Don't re-show the cc # since you're not guaranteed who the person on the other side is; what with password managers, etc. It's easy enough to login with someone elses account and enter a bogus donation amount you know will fail (such as 80K, 200K, etc.) and pull up the 'correct your info' page. Only allow adds/deletes of cc #'s, never edits.
You might consider breaking up the workflow a little bit into separate pages to give the feeling of immediate progress, and less that of a spam collecter. Maybe like:
a) enter username/password (two fields only).
b) enter donation amount, message from donor; show feel-good message from impending recipient.
c) enter cc# info (collect address at this point)
d) confirm donation choices (confirm password too)
e) submit, receipt, thanks, and tax printout
A last point, in the sysadmin use case you might provide a configuration on the comfort level of 'auth' recieved in order to make the transaction succesful (e.g. zip matches but address does not, name matches but zip does not, etc.). Depends on the cc processor.
Oh, and the idea of pre-configured donation amounts, based on the individual campaign or website; in addition to free-form entry is great.