Brexit Britain: how the EU ETIAS visa system could fuel UK cyberscams

It’s fair to say I’m not an unalloyed fan of the US Government ESTA visa Waiver system which since 2009 has been used to approve visitors to the US through an online form at least 72 hours in advance of boarding a plane.

For all its benefits for airline security, the unintended negative effects of this system became apparent within weeks of its launch, specifically the way it fuelled an industry of bogus websites charging extortionate fees by pretending to help travellers check their eligibility, a bane that continues to this day.

From 2010 the fee was $14 (£10) per traveller to apply for an ESTA but many convincing-looking fake sites charged several times this simply to submit the same traveller data to the real site. The worst of these sites were supected of harvesting passport numbers and passenger information to aid identity theft.

Incredibly, search providers blindly took (and continue to take) money to put these dubious middlemen at the top of results pages, boosting their visibility. A sizable number of travellers from the UK and other countries ended up over-paying as the US Government seemed oblivious to the way the official ESTA site was being pushed down search results.

To this day, little is done about the problem of ‘unofficial’ ESTA sites in the UK because the authorities still claim that no law is being broken. If a person is fooled by sites that pass themselves off as helpful services when they’re not then that, apparently, is their own fault.

Here’s why this tale still matters in 2016 – inspired by the apparent success of ESTA, the EU has now proposed an equivalent system for people visiting the 26 Schengen Area countries, the EU Travel Information and Authorisation Scheme (ETIAS), details of which are due to be published later in 2016.

What are the chances ESTA’s diffcult history will repeat itself for travellers? Fairly high.

ETIAS – the bill for Brexit?

So far, in the UK most of the outrage about the EU scheme has been around the possibility that after Brexit Britons could face having to pay an ETIAS fee to visit many European countries, something they haven’t had to do for decades or at all.

But if ETIAS is applied to UK citizens, it is a near certainty that a cottage industry of websites will quickly spring up to ‘help’ people carry out checks at inflated rates as policy makers wash their hands of a problem they probably earnestly claim is not of their making.

This scenario is not far-fetched and the warning is the European Health Insurance Card (EHIC) card that gives EU citizens the right to free medical treatment in member states. For years this has been mined by scammers charging money for something that costs citizens nothing. Only this month the UK Office of Fair Trading (OFT) even issued a warning about the dangers of EHIC card cons.

ESTA has been a bad experience but ETIAS has the potential to be even worse simply because the volume of people applying for EU visas would be several times larger. Even if the EU offers the card for nothing, the ESTA history suggests this won’t stop the scammers tricking people into thinking a fee applies simply by placing their ads higher up search results.

The UK Government has a big incentive to negotiate Brexit so that ETIAS doesn’t apply to UK citizens but the issue is much larger than just UK holidaymakers. If people from other non-EU countries apply for the right to visit the EU through ETIAS approval it is inevitable that they will be scammed in ways that at best create new opportunities for fraud. At worst could aid organised identity and credential theft on a grand scale.

Will such worries make the ETIAS architects hesitate?  Only time will tell but if policy makers fail to think of ways of countering the online con artists the US ESTA visa story will have been a warning in vain.

Brexit Britain: how the EU ETIAS visa system could fuel UK cybercrime