How to Place a Credit Freeze at All Three Bureaus

A credit freeze — formally termed a security freeze under federal law — is one of the strongest tools available under the Fair Credit Reporting Act to prevent unauthorized credit account openings. Placing a freeze requires direct action with each of the three nationwide consumer reporting agencies: Equifax, Experian, and TransUnion. This page describes the statutory framework, the mechanics of placement and removal, the scenarios where freezes apply, and how freezes compare to adjacent protective instruments.

Definition and scope

A security freeze restricts a consumer reporting agency from releasing a consumer's credit report or credit score to a prospective creditor without the consumer's explicit prior authorization. The authority for this mechanism is codified at 15 U.S.C. § 1681c-1, as amended by the Economic Growth, Regulatory Relief, and Consumer Protection Act of 2018 (Public Law 115-174). That 2018 statute made placement, temporary lifting, and permanent removal of security freezes free of charge at all consumer reporting agencies nationwide — eliminating fees that previously existed in most states.

The three agencies subject to this federal requirement are Equifax, Experian, and TransUnion. Each maintains a separate consumer file and must be contacted independently; a freeze placed with one agency does not propagate to the others. The Federal Trade Commission (FTC) administers consumer education and complaint intake under the FCRA framework.

Freezes apply specifically to credit inquiries from prospective new creditors. They do not restrict access by existing creditors, debt collectors reviewing an existing account, employers conducting background checks (in most circumstances), or government agencies acting under statutory authority. The Consumer Financial Protection Bureau (CFPB) maintains formal guidance distinguishing freeze scope from credit report access rights under 15 U.S.C. § 1681b.

Freezes for minors are available under the same federal statute and are initiated by a parent or legal guardian. The process requires additional documentation including proof of guardianship and the minor's Social Security number.

How it works

Each of the three nationwide bureaus provides three channels for freeze placement: online portal, telephone, and U.S. mail. Online and phone placements must take effect within one business day under 15 U.S.C. § 1681c-1(i)(2); mail requests must take effect within three business days of receipt.

Placement process — sequential steps:

Temporary lift (thaw): When a consumer applies for new credit, a temporary lift — not a full removal — is the standard approach. A lift can be set for a specific date range (e.g., 7 days) or for a specific creditor. The same one-business-day statutory window applies to online and phone-initiated lifts. After the lift window expires, the freeze reactivates automatically.

Permanent removal: Requires the same identity verification steps as placement and results in immediate or one-business-day processing depending on the submission channel.

Common scenarios

Post-data-breach response: Following a confirmed breach exposing Social Security numbers, the FTC directs affected individuals to place freezes at all 3 bureaus as a primary mitigation measure. The identity protection providers on this domain catalog service categories relevant to post-breach remediation.

Proactive prevention — no breach required: A security freeze can be placed preemptively by any consumer at any time, regardless of whether a breach or identity theft event has occurred. This is particularly relevant for individuals with high public profiles, minors whose Social Security numbers are not yet in use for credit, or elderly adults who do not anticipate opening new credit accounts.

Estate and incapacity situations: A legal guardian, conservator, or power-of-attorney holder may place a freeze on behalf of an incapacitated individual. Each bureau has its own documentation requirements, typically requiring a notarized or certified copy of the authorizing legal instrument.

Active-duty military: Servicemembers can place an active-duty alert under 15 U.S.C. § 1681c-1(e), which differs from a freeze in that it triggers a verification requirement for creditors rather than a hard block. The active-duty alert applies for 12-month periods. A security freeze remains available as a separate, more restrictive alternative.

The page provides broader context on how freeze-related services fit within the full consumer protection landscape.

Decision boundaries

Security freeze vs. fraud alert: A fraud alert under 15 U.S.C. § 1681c-1(a) requires creditors to take reasonable steps to verify identity before extending credit, but does not block the credit report from being accessed. A freeze blocks access entirely to prospective new creditors. Fraud alerts require only a single bureau contact — the receiving bureau must notify the other 2. Freezes require independent placement at all 3 bureaus. For confirmed identity theft cases, the CFPB recommends a freeze as the stronger instrument.

Security freeze vs. credit lock: A credit lock is a commercial product offered by each bureau under a proprietary service agreement — not a statutory right. Credit locks typically offer faster digital toggling but carry no federal legal protections or fee limitations. The statutory security freeze under the FCRA remains the legally enforceable option with defined federal timelines and no permissible fees.

Freeze vs. credit monitoring: Credit monitoring is a detection service that alerts the consumer after a new inquiry or account appears. A freeze is a prevention mechanism that stops unauthorized inquiries before an account can be opened. The two instruments serve distinct functions and are not substitutes. The how to use this identity protection resource page describes how these service categories are classified within this network.

Limitations: A security freeze does not prevent fraud on existing accounts, tax identity theft, medical identity theft, or government benefits fraud — categories where a new credit inquiry is not part of the fraud mechanism. The FTC's IdentityTheft.gov platform addresses recovery workflows for those distinct fraud categories separately.

 ·   · 

References

Read Next

Identity Protection Listings ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Identity Protection Providers The identity... Identity Protection Directory: Purpose and Scope ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Identity Protection Network: Purpose and Scope... Credit Freeze vs. Fraud Alert: Key Differences ANA › Professional Services Authority Authority › National Cyber Authority Authority › Identity Protection Authority Credit Freeze vs.