Identity Theft Affidavit: Purpose, Completion, and Submission

The Identity Theft Affidavit is a standardized federal form that enables victims to formally document fraudulent account openings and unauthorized transactions attributed to their stolen identity. Administered by the Federal Trade Commission (FTC), the affidavit functions as a foundational document within the broader identity theft victim recovery roadmap, providing a uniform structure that creditors, credit bureaus, and law enforcement agencies recognize across jurisdictions. Proper completion and submission of this form can determine whether disputed accounts are removed from a victim's credit file and whether criminal investigations proceed on documented evidence.

Definition and scope

The FTC Identity Theft Affidavit — formally incorporated into the FTC Identity Theft Report process available at IdentityTheft.gov — is a sworn written statement in which a victim attests that specific financial accounts, loans, or transactions were opened or conducted without their knowledge or authorization. The affidavit is not a police report substitute, though it may accompany one; rather, it is a creditor-facing instrument designed to trigger the dispute and fraud-investigation obligations that creditors hold under federal law.

Under the [Fair Credit Reporting Act (FCRA), 15 U.S.C. The Identity Theft Affidavit, when combined with a filed police report, constitutes that identity theft report for FCRA purposes.

The affidavit's scope covers:

It does not cover tax fraud (which uses IRS Form 14039) or medical identity theft disputes, which follow distinct agency-level procedures. Victims encountering tax identity theft or medical identity theft must file through the Internal Revenue Service or the relevant healthcare provider's compliance process, respectively.

How it works

The FTC's IdentityTheft.gov platform generates a personalized recovery plan that produces a completed Identity Theft Affidavit based on the victim's reported circumstances. The structured intake process replaces the older standalone paper form (FTC Form 3596) with a dynamic, evidence-based document. The generated report carries legal weight equivalent to a notarized affidavit for most creditor and credit bureau purposes under the FCRA.

The completion and submission process follows these discrete phases:

  1. Account and loss documentation — The victim identifies each fraudulent account, the creditor's name, the account number (if known), and the approximate date the account was opened or the transaction occurred.
  2. Personal identity verification — The victim provides government-issued identification, current address, and prior addresses if applicable, to allow creditors to cross-reference records.
  3. Affidavit generation — IdentityTheft.gov compiles the entered data into a formatted affidavit pre-addressed to each identified creditor.
  4. Submission to creditors — The victim submits the affidavit directly to each creditor's fraud department, typically accompanied by a copy of a government-issued ID and proof of address.
  5. Credit bureau notification — The affidavit, combined with a police report where obtained, is sent to Equifax, Experian, and TransUnion to trigger the statutory 4-business-day block under FCRA § 605B. The credit bureau dispute process describes the follow-up procedures each bureau requires.
  6. Record retention — Victims should retain copies of all submitted materials, including certified mail receipts, as documentation for subsequent legal or regulatory actions.

The FTC Identity Theft Report guide provides detail on how the generated report number functions as a reference identifier throughout this process.

Common scenarios

The affidavit is most frequently employed in four identifiable fraud patterns:

Fraudulent new account opening — A perpetrator uses stolen Social Security numbers, dates of birth, and address data to apply for credit cards, personal loans, or retail accounts. This is the most common triggering scenario and aligns directly with the affidavit's original design purpose. The underlying data often originates from data breaches or dark web markets.

Synthetic identity fraud — A fabricated identity constructed from a real victim's Social Security number blended with fictitious names and dates of birth generates accounts the victim may not discover for years. Synthetic identity fraud cost U.S. financial institutions approximately $6 billion annually, according to the Federal Reserve's published analysis (Federal Reserve Financial Services, Synthetic Identity Fraud). Affidavit filing in these cases requires careful delineation of which specific data elements were stolen versus fabricated. See synthetic identity theft for the full classification framework.

Account takeover following credential theft — Phishing attacks or social engineering fraud yield login credentials that allow a perpetrator to modify account contact information and drain funds or open secondary credit lines. The affidavit documents the unauthorized transactions and identity modifications, supporting the account takeover fraud dispute process.

Government benefits and loan fraud — A fraudster files for unemployment insurance, student loans, or other government-administered benefits using a victim's identity. These cases require the affidavit plus agency-specific dispute forms. Government benefits identity theft and student loan identity theft each carry separate administrative resolution tracks.

Decision boundaries

The affidavit is appropriate when fraudulent new accounts or transactions are confirmed or suspected. It is not the correct instrument in the following situations:

IRS Form 14039 replaces the FTC affidavit for tax fraud. When a fraudulent tax return has been filed using a victim's Social Security number, the IRS Identity Theft Affidavit (Form 14039, available at IRS.gov) is the required instrument. Filing the FTC affidavit in a tax fraud case does not satisfy IRS requirements and will not trigger the IRS's identity theft resolution process or the IRS Identity Protection PIN issuance pathway.

Employment identity theft requires employer and SSA notification. When a perpetrator uses a victim's Social Security number for employment authorization, the Social Security Administration (SSA) and the employer's payroll department require direct notification. The FTC affidavit supplements but does not replace that process. See employment identity theft for the SSA Form dispute pathway.

Criminal identity theft requires law enforcement escalation. When a perpetrator uses a victim's identity during an arrest or criminal proceeding, the affidavit alone is insufficient. That scenario requires direct engagement with the arresting jurisdiction and, in some states, a formal judicial certificate of identity. Criminal identity theft outlines the law enforcement coordination steps.

Credit freeze versus affidavit — complementary, not interchangeable. A credit freeze prevents new account openings prospectively but does not dispute existing fraudulent accounts. The affidavit addresses accounts already opened fraudulently. Both mechanisms are typically deployed in parallel during active identity theft remediation, but they operate through different statutory frameworks — the credit freeze through FCRA § 605A, the affidavit through FCRA § 605B.

The distinction between a fraud alert and a full affidavit submission is material: a 1-year initial fraud alert (extended to 7 years for victims who file an identity theft report) flags a file for creditor scrutiny but does not remove existing fraudulent tradelines. Only a formal affidavit-backed dispute initiates the block and removal process under FCRA § 605B.

References

📜 2 regulatory citations referenced  ·  🔍 Monitored by ANA Regulatory Watch  ·  View update log

Explore This Site

Regulations & Safety Regulatory References Tools & Calculators Password Strength Calculator