Identity Theft Affidavit: Purpose, Completion, and Submission

The Identity Theft Affidavit is a standardized federal document used to formally report fraudulent accounts, unauthorized transactions, and misuse of personal identifying information to creditors, financial institutions, and law enforcement. Administered by the Federal Trade Commission, the affidavit serves as the foundational evidentiary record in the identity theft dispute and recovery process. Its proper completion and submission determines the speed and legal standing of downstream resolution actions, including credit bureau disputes, law enforcement referrals, and account fraud claims.

Definition and scope

The FTC Identity Theft Affidavit — officially designated as FTC Form 3216 and available through IdentityTheft.gov — is a sworn written statement attesting that specific accounts or transactions were opened, conducted, or authorized without the victim's consent. When combined with a police report, the affidavit and police report together constitute an Identity Theft Report, which carries enhanced legal weight under the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681.

The affidavit's scope covers:

The document does not apply to disputed transactions the cardholder authorized but later regrets, billing errors governed by the Fair Credit Billing Act (FCBA), or account takeovers where the victim voluntarily shared credentials. Those scenarios fall under distinct dispute frameworks administered separately by creditors and the Consumer Financial Protection Bureau (CFPB).

For an orientation to the broader service landscape surrounding identity theft response, see the Identity Theft Provider Network Purpose and Scope.

How it works

The affidavit functions as a structured declaration of fact, not a complaint form. Its completion follows a defined sequence:

1. Account identification: The victim lists each fraudulent account by creditor name, account number (partial or full), and the approximate date the account was opened or the unauthorized activity occurred.
2. Personal attestation: The victim confirms they did not open the account, authorize the transaction, or benefit from the activity in question.
3. Notarization or attestation under penalty of perjury: Depending on creditor requirements, the affidavit is either notarized or signed under penalty of perjury as provided under 28 U.S.C. § 1746.
4. Combination with a police report: To form a full Identity Theft Report, the completed affidavit is paired with a police report from the relevant jurisdiction. The FTC's IdentityTheft.gov platform generates a pre-populated affidavit and provides a printable report that many law enforcement agencies accept in lieu of or alongside a formal police report.
5. Submission to creditors and credit bureaus: Completed Identity Theft Reports are sent directly to each creditor holding a fraudulent account and to the three major credit reporting agencies — Equifax, Experian, and TransUnion — to trigger a block on fraudulent information under FCRA § 605B.

The FCRA § 605B block, once confirmed by a credit bureau, must be applied within 4 business days of receiving a valid Identity Theft Report (15 U.S.C. § 1681c-2). Creditors notified of the fraud are prohibited from continuing collection activity on the disputed account during the investigation period.

Common scenarios

The affidavit is applicable across a defined set of fraud categories. The three most prevalent submission contexts are:

New account fraud: A third party opens a credit card, personal loan, or utility account using the victim's name, date of birth, and Social Security Number. This is the primary use case for the FTC affidavit, and it accounts for the majority of affidavit submissions processed through IdentityTheft.gov each year.

Tax identity theft: The Internal Revenue Service (IRS) recognizes identity theft affidavits as part of the resolution process when fraudulent tax returns are filed under a victim's Social Security Number. The IRS issues its own supplemental form — Form 14039, Identity Theft Affidavit — for tax-specific fraud, which is submitted directly to the IRS alongside a federal Identity Theft Report (IRS Form 14039).

Medical identity theft: When a third party receives medical services, prescriptions, or insurance benefits using another person's identity, the Health and Human Services Office for Civil Rights (HHS OCR) and individual insurers require an affidavit as part of the record correction process under HIPAA provisions.

The IRS Form 14039 and the FTC Form 3216 are distinct documents with separate submission channels. Submitting one does not fulfill the requirement of the other, and victims dealing with both tax fraud and credit fraud must file both.

Those navigating the full range of available response services can consult the Identity Theft Providers for categorized provider and agency information.

Decision boundaries

Not every fraud scenario warrants an Identity Theft Affidavit as the primary instrument. Understanding the threshold criteria prevents misdirected filings:

The affidavit becomes relevant at the point confirmed fraudulent activity is documented — not at the point a data breach is suspected. Filing prematurely, before specific fraudulent accounts or transactions are identified, creates incomplete records that can delay credit bureau blocks and creditor investigations.

The Social Security Administration (SSA) maintains a separate reporting pathway for Social Security Number misuse in employment contexts, and the SSA's Office of the Inspector General accepts fraud reports at oig.ssa.gov. Coordination between the FTC affidavit process and the SSA pathway is necessary when fraudulent employment records have been established under the victim's number.

For guidance on how this reference resource is structured and how to navigate its service categories, see How to Use This Identity Theft Resource.