How to Place a Fraud Alert on Your Credit Report
A fraud alert is a federally regulated notice placed on a consumer's credit file that instructs creditors to take extra verification steps before opening new accounts or extending credit in that consumer's name. Governed by the Fair Credit Reporting Act (FCRA) and administered through the three major national consumer reporting agencies — Equifax, Experian, and TransUnion — fraud alerts represent a targeted, reversible tool within the broader credit freeze vs. fraud alert decision framework. Understanding the mechanism, eligibility tiers, and placement process is essential for any individual responding to identity compromise or taking proactive protective action.
Definition and scope
Under 15 U.S.C. § 1681c-1 of the FCRA, a fraud alert is a notation added to a consumer credit file directing any person who makes or arranges credit to follow reasonable policies and procedures to verify the identity of the consumer before extending new credit. The Federal Trade Commission (FTC) enforces fraud alert rights under its consumer protection authority at the national level.
Three distinct fraud alert categories exist under federal law:
- Initial Fraud Alert (1-year) — Available to any consumer who believes they are, or are about to become, a victim of fraud or identity theft. Valid for 1 year from placement date (FCRA § 605A(a)(1)).
- Extended Fraud Alert (7-year) — Available exclusively to confirmed identity theft victims who have filed an identity theft report with a federal, state, or local law enforcement agency. Valid for 7 years. Full eligibility criteria are covered at Extended Fraud Alert Eligibility.
- Active Duty Military Alert (1-year) — Available to members of the military on active duty away from their usual duty station. Covered in detail at Identity Protection for Military Personnel.
The scope of a fraud alert differs materially from a credit freeze: a freeze restricts access to the credit file entirely, while a fraud alert leaves the file accessible but attaches a verification requirement. This distinction is critical when evaluating protective measures against new account fraud and synthetic identity fraud.
How it works
Once a fraud alert is placed, the process operates through the following structured sequence:
-
Single-bureau filing triggers automatic notification. Under FCRA § 605A(b), a consumer reporting agency that receives a fraud alert request must notify the other two major bureaus within three business days. Placement at Equifax alone, for example, propagates automatically to Experian and TransUnion.
-
The alert is attached to the credit header. When a creditor pulls the consumer's file, the fraud alert appears at the top of the report, signaling the identity verification requirement before any new credit is issued.
-
Creditors must follow reasonable verification procedures. The statute requires creditors to use reasonable policies — which in practice includes calling the phone number provided by the consumer during placement or using equivalent identity verification steps — before extending new credit.
-
Free credit report entitlement is triggered. Upon placement of an initial fraud alert, the consumer is entitled to one free copy of their credit report from each of the three major bureaus within 30 days (FCRA § 605A(c)(1)). Extended alert placement entitles the consumer to two free reports per bureau per year for the alert's duration.
-
Opt-out from prescreened offers is automatic for extended alerts. Extended fraud alert placement also results in the consumer's name being removed from prescreened credit and insurance offer lists for 5 years (FCRA § 605A(a)(2)(B)).
-
Removal is voluntary. An initial fraud alert can be removed before its 1-year expiration at the consumer's request, subject to identity verification by the bureau.
Placement can be initiated online, by phone, or by mail through each bureau's dedicated fraud alert portal. As of FCRA amendments enacted in the Economic Growth, Regulatory Relief, and Consumer Protection Act (Pub. L. 115-174, 2018), initial alerts were extended from 90 days to 1 year.
Common scenarios
Fraud alerts are used across a range of identity compromise situations documented in identity theft types and definitions:
- Post-data breach response. When a consumer receives notification that personal information was exposed in a breach, an initial fraud alert establishes a verification layer during the period of elevated risk. This is a standard first step in data breach response for individuals.
- Lost or stolen wallet. Physical document loss — wallet theft, for instance — creates immediate risk of new account fraud. An initial fraud alert can be placed within minutes via an online bureau portal, before the consumer has completed a full wallet theft response.
- Confirmed identity theft requiring extended protection. A consumer who has already discovered fraudulent accounts opened in their name, filed an identity theft affidavit with the FTC, and obtained a police report qualifies for the 7-year extended alert.
- Active duty military deployment. Service members deploying away from their primary duty station use the active duty alert to reduce exposure to financial identity theft during periods when monitoring personal accounts is difficult.
- Proactive placement without confirmed compromise. FCRA permits any consumer who "believes" they may become a victim to place an initial alert — no confirmed incident is required.
Decision boundaries
Fraud alerts and credit freezes serve overlapping but distinct purposes. The decision between them — and the decision to use one, both, or neither — depends on several structural factors:
| Factor | Initial Fraud Alert | Extended Fraud Alert | Credit Freeze |
|---|---|---|---|
| Eligibility | Any consumer | Confirmed ID theft victims only | Any consumer |
| Duration | 1 year | 7 years | Indefinite (until lifted) |
| Credit access blocked? | No | No | Yes (file locked) |
| Applies to new credit only? | Yes | Yes | Yes |
| Existing account protection? | No | No | No |
| Law enforcement report required? | No | Yes | No |
Key decision boundaries:
- A fraud alert does not protect against account takeover fraud on existing accounts, because creditors accessing existing account relationships do not check the new-account fraud alert flag.
- A fraud alert does not substitute for monitoring; it does not alert the consumer when their credit file is accessed. Dark web monitoring and active credit monitoring address that gap separately.
- Consumers who need to apply for credit frequently — mortgages, auto loans, employment background checks — may prefer a fraud alert over a freeze because the file remains accessible without requiring a temporary lift.
- An extended fraud alert is more appropriate than an initial alert when documented identity theft has occurred, as it provides 7 years of protection and the additional prescreened offer opt-out. The FTC's consumer reporting resource at IdentityTheft.gov provides the standardized Identity Theft Report used to qualify for extended alert placement.
- A fraud alert alone is generally considered insufficient protection for consumers whose Social Security number has been directly compromised, where a credit freeze offers a stronger barrier.
The FCRA does not prohibit simultaneous use of a fraud alert and a credit freeze on the same file. Both can be in effect concurrently, with each providing a distinct layer of protection.
References
- Fair Credit Reporting Act, 15 U.S.C. § 1681c-1 — Fraud Alerts
- Federal Trade Commission — IdentityTheft.gov
- FTC — Free Credit Reports and Fraud Alerts Consumer Information
- Consumer Financial Protection Bureau (CFPB) — Fraud Alerts
- Economic Growth, Regulatory Relief, and Consumer Protection Act, Pub. L. 115-174 (2018)
- Equifax Fraud Alert Placement Portal
- Experian Fraud Alert Placement Portal
- TransUnion Fraud Alert Placement Portal