Monday, July 23, 2007

Am I linked to crime?

If a terrorist bomb had blown up a ferry which sailed between Portsmouth and Bilbao on 5 April last, or a non-Basque bomb had exploded anywhere in Northern Spain on or soon after the same date, I could have become a key suspect. Even though I wasn't on the ship.

Why? Because my identity had been used to book passage on the ferry. The day before, the 4th, somebody who knew my name, my credit card number, and its expiry date used it to buy a ticket for that particular P&O Ferries sailing, to the GBP value of 770 euros. They made the booking by phone, sailed on the 5th, and probably got away with it because P&O don't ask for card security numbers on telephone bookings. I say 'probably' because, for all I know, the thieves may well have had that number too.

I'm not writing this to discuss how my card details were acquired. Such things are possible in many ways, especially when people travel a lot. Technology will eventually deal with them. And the card companies absorb such frauds and still seem to make extraordinary profits. The deduction from my card account will eventually be refunded.

It's the matter of my identity being used which worries. Especially since there's not a lot I can do about it. I can't even search for the perpetrator because P&O won't disclose to me the registration number of the car that actually sailed on the fraudulently obtained ticket. I presume they will do so to the card company's investigator, and would do to the police in Spain if I were that hypothetical bombing suspect.

I do know, gleaned with some difficulty from a conversation with a P&O official, that the registration was neither Irish nor British, and also didn't equate to any format used in the EU.

It could have been false. The car bearing it could, previously or subsequently, have been used in the commission of a crime, even that hypothetical bombing. If so, the only connection to that registration would be my credit card, however fraudulently so.

I travel to Spain often in the course of my work, as I do to many other parts of Europe and the world. I'll be going through Madrid again next month on my way to South America, for instance. I'm also likely to visit Spanish cities many times over the medium term future.

Spain is the first of the European countries to introduce API, advance passenger information, as a requirement for travellers coming in from outside the Shengen Agreement area. Ireland and Britain are outside it, because Maggie Thatcher wouldn't agree to Britain being part of passport-free travel between EU member countries. Under API, inaugurated by the US under its anti-terrorism regime, airlines are required to give the US authorities -- and now Spanish ones -- details about incoming passengers which include addresses, passport numbers and credit card information where available. It is a requirement which will become EU-wide by the end of the year.

Back to my situation. If the car registration which was fraudulently connected to my credit card was used in the commission of a crime in Spain, it is quite likely that under API my name would be 'flagged' on the computers of all Spanish points of entry. The next time I arrived in Spain, I'd be taken aside and arrested by immigration. It could even happen in any other country under Interpol agreements.

From a foreign country, with a different language, it isn't always easy to get such mistakes straightened out. Actually, on the historical evidence, it can be bloody difficult. Sometimes, even, it can be impossible.

OK, I've obviously changed my credit card since spotting the fraud. And there was only the one -- albeit large -- such transaction recorded on it. So it was clearly deliberately used as a once-off piece of thievery. Very professional, on the basis that it would show a month later and be challenged. Maybe even sooner if it had shown through internet banking.

But the link of my name to the transaction, and anything associated with the vehicle involved, is already indelibly made. Somewhere, maybe in several somewheres, this particular Brian Byrne could be connected, circumstantially and inaccurately, by an electronic chain to criminal activity of some kind. All because somebody once used my name and card number to book a ferry sailing.

But I'm innocent. I don't need to worry.

Do I?

No comments: