The new wave in identity theft protection?
With the proliferation of identity theft – more than 9 million Americans victimized annually1 –
consumers and businesses alike continue to seek effective means for identity protection services. Most
recently, fraud alerts have been identified by some in the industry as a powerful and proactive tool in
fighting identity theft. But are fraud alerts effective when used for this purpose?
Fraud alerts, in combination with other tools, can be effective when used judiciously after a
consumer has become the victim of an identity theft. Placing a fraud alert can help in
preventing additional theft. But as a prevention tool, fraud alerts lack the essential components
of monitoring – of both credit and non-credit related personal information.
Fraud Alerts – what they are; how they work
A fraud alert is a warning flag placed on an individual’s credit file at each of the three national
credit reporting agencies (CRA) Equifax®, Experian®, and TransUnion®. Consumers may place
an initial fraud alert on their files at no cost.
Once placed, a fraud alert will remain active for 90 days. As required by the Fair and Accurate
Credit Transactions Act of 2003 (FACTA), a fraud alert requires potential creditors to use
“reasonable policies and procedures” to verify a person’s identity prior to issuing credit.
Additionally, once a fraud alert has been placed, the individual is entitled to receive one free
copy of his or her credit report from each of the three major nationwide consumer reporting
agencies (CRAs). Fraud alerts may be extended in increments of 90 days, as well as removed,
by writing directly to the CRAs.
Fraud Alerts – when and why to use them
According to the Federal Trade Commission (FTC), a fraud alert should be used as a defensive
action when someone has either already become a victim of identity theft, or has logical reason
to believe they will become a victim (if, for example, a wallet has been lost or stolen). Then, if a
thief attempts to open new accounts that require a credit check, creditors are supposed to verify
the applicant’s identity prior to issuing credit.
Fraud Alerts: A helpful but incomplete solution
While a potentially effective device in preventing some new credit-related accounts from being
opened, fraud alerts do not address many of the risks that could give rise to identity fraud. A
consumer who believes that he or she is safe merely because of a fraud alert may be lulled into a
false sense of security. Services that charge a consumer specifically to place fraud alerts may be
trading on the misperception that a fraud alert is a complete remedy.
• Fraud alerts do not require a consistent response by creditors. Because the law is
unspecific, one creditor’s definition of validating an identity may be different from
another’s. Until the actions to be taken are consistent, required, and enforced, there is no
guarantee a consumer’s identity will be accurately confirmed.
• Fraud alerts do not protect against existing account takeover. One of the most common
methods of identity theft is the takeover of existing accounts. Thieves gain access to
existing accounts, change the contact information, and proceed to use the account for
unauthorized purchases, racking up charges the consumer may ultimately be
responsible for – not to mention the arduous task of reclaiming their identity. A fraud
alert will not provide protection if an identity thief is using existing credit cards or other
types of accounts. It only applies to new credit-related requests. So, with fraud alerts
alone, the consumer’s protection against credit fraud is vastly incomplete.
• Fraud alerts do not prevent the opening of new credit accounts that can be issued
without the use of credit reports. Credit is often offered to consumers without the
creditor accessing an individual’s credit reports. Mobile phone, utility companies,
stores, and oil companies all extend credit of some form, yet there is no requirement for
any business to check a current credit report before issuing credit. A business also may
choose to ignore the credit bureaus, or the information contained within the report,
before issuing credit.
• Fraud alerts do not protect non-credit related personal information which may be
used to commit identity fraud. According to the FTC, a significant number of reported
identity theft cases are types that don’t appear in credit reports – such as employment
fraud and medical benefit fraud. Fraud alerts will not prevent thieves from stealing non-
credit account information. Public records, such as licenses, utilities, court records, and
medical records are not covered by fraud alerts. Identity theft can – and often does –
occur when identity thieves obtain and use public and unprotected information.
• Fraud alerts to do not protect checking accounts, debit cards, and the potential theft
associated with those. A fraud alert placed on one’s file at the CRAs will not protect a
debit card from, for example, spying eyes at an ATM. Once intercepted, with some
additional pieces of personal information, an identity thief could change the address on
an account and proceed to steal one’s money and identity.
• Over usage could render fraud alerts ineffective. The proliferation of fraud alerts being
used as a proactive tool has the potential to overwhelm creditors with requests and
ultimately dilute the original intent and purpose. Creditors may become unable to
effectively verify all of the requests they receive, thus opening the door to ignoring the
• Placing alerts takes time. While consumers need only contact one CRA, which is then
required to notify the other two, this can take time, thus leaving the consumers exposed
without associated fraud alerts for undefined amounts of time. Consumers are
encouraged to contact each agency if they don’t receive the required documentation that
an alert has been put in place within a reasonable amount of time.
• Valid credit offers may be denied. A fraud alert may inadvertently impede access to
valuable credit offers resulting in the consumer losing out on potential savings.
Creditors frequently use Voice Response Units (VRUs) to verify one’s identity. Live
representatives are not typically available.
For example, a consumer wants to take advantage of an instant, low- or no-interest in-
store credit offer for a big-ticket item, such as a big-screen television or a personal
computer. The offer could yield hundreds of dollars in savings, but because there is a
fraud alert on the credit file, the creditor has attempted call to verify the identity –
typically on the home phone – and credit is denied because the consumer cannot be
Monitoring: A necessary, proactive component of any solution
When used appropriately, fraud alerts can be a valuable tool to prevent additional identity
theft. However, they were not developed, nor should they be used, as a proactive or stand-alone
method to help consumers protect themselves from this crime. More effective is a combination
of the following components:
• Monitoring and alerts of credit file changes at each of the CRAs. Credit files are monitored
daily for certain types of activities associated with identity theft. Types of activities
could include change of address, new accounts being opened, and inquiries into credit
files. Once detected, an alert is sent directly to the consumer notifying him or her of the
• Credit reports and scores. The advent of free annual credit reports has been a positive step
for consumers. But while everyone can obtain a free copy of their credit report each year
from the CRAs, it’s best to routinely check one’s credit reports for accuracy and activity
– along with credit scores and score changes – which aren’t included in free annual
• Internet Surveillance. With Internet surveillance, sophisticated technology is used to
constantly monitor the Web for evidence that personal information – such as registered
credit card and debit card account numbers – is being bought, sold, or traded. Once
detected, alerts give the consumer the opportunity to stop identity theft before it
• Monitoring and alerts of public records. While protecting one’s credit is important, so is
protecting all of the public information that is readily available to thieves. As noted
earlier, thieves can use this valuable information to impersonate victims and/or
establish new non-credit related accounts that can then become the catalyst for full-
blown identity theft and fraud. Monitoring public records gives consumers the ability to
spot fraud before it occurs.
No one can completely prevent – or promise to prevent – identity theft from occurring.
However, consumers have options to protect and inform themselves, and while fraud alerts are
being promoted as a lower-cost solution, they are not alone an effective means, thus giving
consumers a false sense of security. Consumers need to engage a comprehensive service that
can help them deal with all aspects of fraud including education, prevention, detection, and
resolution. Settling for anything less is, quite simply, inadequate.