The three flavors
An initial fraud alert lasts one year and requires nothing but your request. You do not need to prove anything happened. Suspicion that your data was exposed, for example after a breach notice, is enough. It is renewable when it expires.
An extended fraud alert lasts seven years and requires an identity theft report, typically the report you file at IdentityTheft.gov or a police report. It comes with extras: lenders must contact you by phone or another method you specify before extending credit, and you get additional free credit reports and removal from prescreened offer lists for five years.
An active duty alert is for deployed servicemembers. It lasts one year, is renewable for the length of deployment, and also removes you from prescreened lists for two years. It works like an initial alert tuned for people who cannot easily respond to verification calls from overseas.
- ▸Initial: 1 year, no proof needed, renewable
- ▸Extended: 7 years, requires an identity theft report, strongest protections
- ▸Active duty: 1 year renewable, built for deployed servicemembers
One bureau notifies all three
Fraud alerts have the best activation logistics of any credit protection. You contact one bureau, Equifax, Experian, or TransUnion, and that bureau is legally required to relay your alert to the other two. One request, full coverage.
This is the opposite of freezes, which must be placed separately at each bureau. If you have ten minutes and rising panic after a breach notice, the one-call fraud alert is the fastest meaningful step you can take. You can layer freezes on afterward at your own pace.
Confirm the propagation worked by checking your file at the other two bureaus after a week or so. Propagation failures are uncommon but they happen, and the alert only protects the files it actually reaches.
What lenders must do, and what it costs you
When a lender pulls a file carrying a fraud alert, the law requires reasonable steps to verify that the applicant is actually you before opening the account. With an extended alert, the lender must contact you through the method you listed, usually a phone call, before approving new credit.
The practical cost is friction on your own applications. Instant online approvals often stop being instant, because the issuer routes the application to manual verification. Expect a pending decision and a phone call instead of an approval screen. For most people this is a minor cost. For someone in the middle of a heavy application cycle, it is a real consideration.
Note the limits of reasonable steps. An initial alert does not legally force a phone call, and verification quality varies by lender. A determined fraudster can sometimes get through an initial alert in a way they cannot get through a freeze, because the freeze blocks the file pull entirely.
- ▸Lenders must verify identity before opening credit
- ▸Extended alerts require contact through your chosen method
- ▸Your own instant approvals get slower
- ▸Verification rigor varies, a freeze is the harder stop
When an alert beats a freeze, and vice versa
The freeze is the stronger default. It blocks the file pull itself, requires no judgment call by the lender, and costs nothing. If you want set-and-forget protection, freeze all three bureaus and the secondary bureaus, and skip the alert.
The alert wins in three situations. First, speed and simplicity: one call covers all three bureaus, useful in the immediate aftermath of a breach. Second, active credit shopping: an alert lets every pull go through with extra verification, so you do not have to manage thaw windows while applying for a mortgage or shopping auto loans across many lenders. Third, the extended alert after actual identity theft: seven years of mandatory contact-before-credit is protection a freeze does not replicate, and it keeps working even during the windows when you thaw a freeze to apply.
These tools stack. The strongest posture after real identity theft is an extended alert plus freezes at all bureaus. The alert covers the moments the freeze is lifted, and the freeze covers the lenders whose verification under an alert would have been sloppy.
Removing an alert
Initial and active duty alerts expire on their own and require nothing from you. If you want one gone early, contact each bureau, online or by phone, and request removal. Unlike placement, removal does not reliably propagate, so plan on handling each bureau individually and verify the alert is gone from all three files.
Extended alerts can also be removed before the seven years run out by request to each bureau, with identity verification. Most people who qualified for one should let it run.
If your alert is causing application friction at a specific lender, you usually do not need to remove it. Make sure your phone number on file at the bureaus is current, answer the verification call, and the application proceeds. A stale callback number is the most common reason an alert turns from a safeguard into a blocker.
- ▸Initial and active duty alerts lapse automatically
- ▸Early removal: contact each bureau individually and verify all three
- ▸Keep your bureau phone number current so verification calls reach you