Credit Freezes Do Not Stop All Forms of Identity Theft in US

A credit freeze prevents many fraudulent credit applications but fails to stop synthetic identity fraud, account takeovers, and tax-refund scams [1, 2, 3].

This gap in protection means consumers who rely solely on freezes may remain vulnerable to sophisticated financial crimes that do not require a traditional credit check. While a freeze limits a criminal's ability to open a new line of credit in a victim's name, it does not secure existing accounts or prevent the creation of entirely new, fake identities.

Fraudsters can bypass these protections by creating synthetic identities, a process where they combine real and fake information to form a new credit profile [1, 2]. Because these profiles are not tied to a frozen report, criminals can secure loans and credit cards without triggering a freeze alert. Additionally, account takeovers occur when thieves hijack existing accounts, meaning the freeze on a credit report provides no defense for funds already in a bank or brokerage account [1, 2].

Tax-refund scams represent another critical vulnerability. Criminals can file fraudulent tax returns to steal refunds using stolen Social Security numbers, a process that does not involve the credit bureaus [1, 2, 3].

To establish a basic level of protection, consumers must take specific steps with the reporting agencies. To be effective, a credit freeze must be placed at all three major credit bureaus ^[4].

"In order to effectively freeze one's credit, it is necessary to freeze at all three bureaus independently," Siciliano said ^[4].

Because these protections are not absolute, security experts suggest that users implement additional safeguards. These include monitoring existing bank statements for unauthorized activity, and using multi-factor authentication on all financial portals to prevent account takeovers [1, 2].