An extended fraud alert is a seven-year protective notice placed on a consumer credit file after identity theft has been verified through a police report or Identity Theft Report filed with the Federal Trade Commission. The alert requires any business using the credit report to take additional steps to verify the consumer's identity before extending new credit, reducing the risk of further fraudulent accounts.
The extended fraud alert is established by 15 U.S.C. § 1681c-1, which sets out three categories of fraud alert under the Fair Credit Reporting Act: the initial fraud alert lasting one year, the extended fraud alert lasting seven years, and the active duty alert lasting one year for deployed military personnel. The extended alert is the only form that requires documentation of actual identity theft and that triggers two additional benefits: a free credit report from each bureau twice in the seven-year period and removal of the consumer's name from prescreened credit offer lists for five years.
This article covers the extended fraud alert specifically. It does not address the separate credit freeze, which prevents access to the credit file entirely, or the credit lock, which is a contractual product offered by individual bureaus rather than a statutory right. The article also does not address civil or criminal remedies against the perpetrator of the identity theft.
Key takeaways
- An extended fraud alert under FCRA § 605A lasts seven years and requires documented identity theft.
- Documentation can be a police report, FTC Identity Theft Report, or other proof of identity theft as defined in the statute.
- Placing an extended alert with one bureau requires that bureau to notify the other two, so a single request covers all three nationwide credit reporting agencies.
- The alert entitles the consumer to two free credit reports from each bureau during the seven-year period.
- The alert removes the consumer's name from prescreened credit offer lists for five years.
- Businesses requesting the credit report must take reasonable steps to verify the consumer's identity before extending credit.
How is the extended fraud alert different from other fraud alerts?
The extended fraud alert differs from the initial fraud alert in three key respects: duration, eligibility requirements, and additional benefits. The initial fraud alert is available to any consumer who reasonably suspects identity theft, lasts one year, and entitles the consumer to one free credit report. The extended fraud alert is available only to consumers with documented identity theft, lasts seven years, and carries the additional benefits described in this article.
| Feature | Initial fraud alert | Extended fraud alert | Active duty alert |
|---|---|---|---|
| FCRA section | § 605A(a) | § 605A(b) | § 605A(c) |
| Duration | 1 year | 7 years | 1 year |
| Documentation required | None (good faith suspicion) | Identity Theft Report | Active military duty |
| Free credit reports | 1 from each bureau | 2 from each bureau over 7 years | 1 from each bureau |
| Prescreen opt-out | No | Yes, for 5 years | Yes, for 2 years |
| Verification by lenders required | Yes | Yes, plus reasonable contact procedures | Yes |
What documentation qualifies for an extended fraud alert?
FCRA § 603(q)(4) defines an Identity Theft Report as a report filed by the consumer with an appropriate federal, state, or local law enforcement agency, including the Federal Trade Commission. The report must contain the consumer's allegation of identity theft with as much specificity as the consumer can provide, and the consumer must subject themselves to criminal penalties for filing false statements.
Documents that typically qualify include:
- An FTC Identity Theft Report generated through the IdentityTheft.gov reporting tool. This is the most common documentation used by consumers.
- A police report filed with a local, state, or federal law enforcement agency identifying the identity theft.
- A report filed with the U.S. Postal Inspection Service for mail-related identity theft.
- Reports filed with other federal investigative agencies such as the FBI in cases involving organized fraud.
The credit reporting agencies retain discretion to verify the documentation. A consumer who provides an Identity Theft Report should also be prepared to provide supporting evidence such as account statements showing the fraudulent activity, denial letters from creditors, or other documentation that substantiates the theft.
How does a consumer place an extended fraud alert?
Placing an extended fraud alert requires contacting one of the three nationwide credit reporting agencies and providing the required documentation. The bureau contacted must place the alert on the consumer's file and notify the other two bureaus, which must then place the alert on their files as well. This one-call rule means a single request covers all three credit files.
Steps in the recommended sequence:
- File an Identity Theft Report with the FTC through IdentityTheft.gov, or file a police report with a local law enforcement agency.
- Print and retain a copy of the Identity Theft Report or police report.
- Contact one of the three credit bureaus (Equifax, Experian, or TransUnion) and request an extended fraud alert.
- Submit the Identity Theft Report or police report to the bureau through the bureau's secure online portal, by mail, or by fax.
- Verify identity with the bureau through the documentation the bureau requires, which typically includes proof of address and a copy of a government-issued identification.
- Confirm placement of the alert with all three bureaus by reviewing the credit report from each within 30 days of the initial request.
What happens when a creditor sees the alert?
A user of a consumer report that contains an extended fraud alert must take reasonable steps to contact the consumer in person, by phone, or by another reasonable method specified by the consumer before extending credit. The user cannot simply rely on the credit report's automated checks. The consumer can list a preferred phone number on the alert, and the creditor should contact the consumer at that number before opening a new account.
Verification practices that creditors typically use include:
- Calling the consumer at the phone number listed on the fraud alert and confirming identity through knowledge-based questions.
- Requiring the consumer to appear in person at a branch with photo identification before opening a new account.
- Requesting additional documentation such as utility bills, bank statements, or tax returns to confirm the consumer's identity.
- Conducting a video verification through the lender's identity verification platform.
- Delaying the credit decision until the consumer responds to a verification request.
Does the extended fraud alert prevent all new account opening?
No. The extended fraud alert is not a credit freeze. The alert requires verification but does not prevent the consumer's credit file from being accessed. A consumer with an extended fraud alert can still open new accounts; the alert simply requires additional verification before approval. Consumers who want to block access to their credit file entirely should place a credit freeze in addition to or instead of the fraud alert.
Credit freezes are governed by FCRA § 1681c-1(i) and prevent access to the credit file by third parties until the consumer temporarily lifts or permanently removes the freeze. Freezes are free under federal law as of September 2018. A consumer facing active identity theft typically benefits from both an extended fraud alert and a credit freeze; the alert provides backup verification, while the freeze prevents most access to the file.
What are the additional benefits of the extended fraud alert?
The extended fraud alert carries two benefits not available with the initial alert. These benefits address the longer recovery period that follows verified identity theft and provide consumers with additional tools to monitor and protect their credit during the seven-year alert period.
The additional benefits are:
- Two free credit reports from each of the three nationwide credit reporting agencies during the seven-year alert period. This is in addition to the free reports available to all consumers under FCRA § 1681j.
- Removal from prescreened credit offer lists for five years. The consumer will not receive unsolicited credit card or insurance offers, which reduces the volume of personal information being mailed to the consumer's address and reduces the risk of further mail theft.
The free credit reports allow the consumer to monitor for additional fraudulent activity during the recovery period. Many identity theft cases involve fraud that surfaces months or years after the initial incident, and the supplemental reports provide a way to detect that activity without paying for ongoing monitoring services.
Can an extended fraud alert be removed early?
Yes. A consumer can request removal of the extended fraud alert at any time during the seven-year period. The bureau must remove the alert within a reasonable time of receiving the removal request and proof of identity. Consumers typically request early removal when their identity theft situation has been fully resolved and they no longer need the verification protections.
Early removal does not return the prescreen opt-out benefit; the consumer must separately request to be removed from the prescreen opt-out list if desired. The five-year prescreen opt-out continues for its full duration unless the consumer specifically requests reactivation of prescreening.
How does the extended fraud alert interact with credit monitoring?
An extended fraud alert is not a substitute for active credit monitoring. The alert places a notice on the credit file that requires creditor action, but it does not alert the consumer when new inquiries or accounts appear on the file. Consumers who want to know in real time about activity on their credit reports need to combine the alert with a monitoring service or with regular self-checks of the credit file.
Free monitoring options include the weekly free credit reports available from each of the three bureaus through AnnualCreditReport.com, which the bureaus committed to making available indefinitely after expanding access during the COVID-19 pandemic. Paid monitoring services offer more frequent alerts and additional features such as dark web scanning, but the underlying credit information is the same as in the free weekly reports.
What if a creditor does not honor the extended fraud alert?
A creditor that fails to take reasonable verification steps before extending credit to an impostor may violate FCRA § 605A(h) and may be liable to the consumer under FCRA § 616 or § 617 for negligent or willful noncompliance. Damages can include actual losses, statutory damages of $100 to $1,000 in willful violation cases, punitive damages, and attorney's fees.
Consumers facing this situation should preserve all documentation of the fraudulent account, including the credit application, the bureau records showing when the fraud alert was placed, and any communications with the creditor about the dispute. Consumers should also report the incident to the FTC and to the appropriate state or federal regulators with jurisdiction over the type of creditor involved.
What other identity theft protections work alongside the extended alert?
The FCRA provides several additional protections for identity theft victims that complement the extended fraud alert. These protections work together to limit the damage from identity theft and to help the consumer recover.
Complementary protections include:
Block of information resulting from identity theft under FCRA § 605B. A credit reporting agency must block reporting of any item the consumer identifies as resulting from identity theft if the consumer provides a copy of an Identity Theft Report, identification, and a statement that the item is not the consumer's transaction.
Other complementary protections include:
- Credit freeze under FCRA § 605A(i) that blocks access to the credit file entirely.
- Free copies of business records related to the identity theft under FCRA § 609(e), which gives consumers the right to obtain records from the business where the fraudulent transaction occurred.
- Truncation of credit card and debit card numbers on receipts under FCRA § 605(g), which limits exposure of card information.
- Restrictions on the disclosure of credit reports for employment purposes under FCRA § 604(b), which require employer disclosures and consumer consent.
Frequently asked questions about extended fraud alerts
Does an extended fraud alert hurt a credit score?
No. Fraud alerts are not scored by FICO or VantageScore models. The alert is a notation on the credit file but does not appear in the score calculation. Creditors may, however, deny new credit if they are unable to complete the verification required by the alert, which can have practical consequences even though the score is unaffected.
Can someone else place a fraud alert on a consumer's file?
FCRA § 605A(b) allows a personal representative to place an extended fraud alert on behalf of a consumer. The personal representative must provide proof of legal authority such as a power of attorney or court order. This provision is most commonly used for incapacitated consumers, deceased consumers' estates, and minors whose identity has been compromised.
How quickly does the extended alert take effect?
The credit bureau must place the alert as soon as practicable after receiving the request and the required documentation. In practice, alerts are typically placed within one to two business days. The notification from the bureau to the other two bureaus must occur within the same timeframe, so all three credit files should carry the alert within several business days of the initial request.
Does the extended alert apply to specialty credit reports?
The extended fraud alert applies to credit files maintained by the three nationwide credit reporting agencies. Specialty consumer reporting agencies that maintain tenant screening reports, employment screening reports, insurance scoring reports, and similar specialized files have separate procedures. Consumers concerned about fraud in specialty reports should contact each specialty agency directly to request applicable protections under FCRA § 1681a(p) and § 1681c-1.
What happens to the alert after the seven-year period ends?
The alert automatically expires at the end of the seven-year period. The consumer does not need to take any action to remove it. If identity theft remains a concern after the alert expires, the consumer can place a new initial fraud alert, request a new extended alert with updated documentation, or place a credit freeze for indefinite protection. Renewal of the extended alert requires a new Identity Theft Report related to recent fraud activity rather than the original incident.
Last reviewed: May 2026
This article is for educational purposes only and does not constitute legal or financial advice. The Fair Credit Reporting Act and related regulations are complex, and outcomes depend on individual circumstances. Consumers with specific questions about their credit reports or rights under federal law should consult a licensed attorney or contact the Consumer Financial Protection Bureau directly.
