Any consumer in the United States can lock down their credit files at Equifax, Experian, and TransUnion at no cost, blocking most attempts to open fraudulent accounts. That right, established by federal statute and in effect since Sept. 21, 2018, requires each bureau to accept freeze requests by phone, website, or mail and to lift a freeze within one hour of an electronic request. The Federal Trade Commission is hosting a webinar in June 2026 to walk consumers through the process, a sign that adoption still lags years after the law took effect.
How a free freeze blocks new-account fraud at all three bureaus
A security freeze restricts access to a consumer’s credit file so that most lenders cannot pull it during an application review. Without that pull, the lender typically denies the application, which stops a thief from opening credit cards, auto loans, or mortgages under a stolen identity. The mechanism is straightforward, but it carries one friction point: consumers must contact each of the three nationwide credit reporting agencies separately. Freezing at only one or two bureaus leaves the unfrozen file exposed, because a lender may check any of the three.
The legal foundation sits in Section 1681c-1 of the Fair Credit Reporting Act, which spells out the required methods bureaus must offer and the timelines they must meet. A fraud alert, by contrast, asks lenders to verify identity before extending credit but does not block file access outright. The FTC’s consumer guidance draws a clear line between the two tools: a freeze stops most new credit approvals, while a fraud alert only flags the file for extra scrutiny. Households that rely on alerts alone still leave the door open for a determined identity thief who can pass a basic verification step.
Federal guidance and the Sept. 2018 rule that made freezes free
Before Sept. 21, 2018, many states allowed bureaus to charge fees for placing or lifting a freeze. The nationwide rule eliminated those charges. The CFPB confirmed that consumers can now freeze and unfreeze credit for free at all three bureaus, removing the cost barrier that had discouraged widespread adoption. The FTC echoed that guidance and added a practical reminder: consumers need to lift the freeze temporarily whenever they apply for new credit themselves, a step that is also free and can be done online in minutes.
Federal agencies have tried to make the process as simple as possible. The Consumer Financial Protection Bureau’s plain-language explanation of a security freeze emphasizes that it does not affect credit scores, does not stop existing creditors from viewing a file, and does not block certain government or collection-related access. Those carve-outs are designed to preserve routine account servicing and some law-enforcement functions while still shutting down most new-account fraud.
The FTC’s FCRA compilation was revised in March 2026, and the agency scheduled a June 2026 webinar specifically on how to place and lift a credit freeze online. Both actions suggest the government sees a gap between the legal right and actual consumer behavior. Federal portals such as USA.gov and IdentityTheft.gov continue to direct people to the same three bureau websites for freeze requests, reinforcing that no third-party service is needed.
Gaps in the data on freeze adoption and bureau compliance
No publicly available dataset tracks how many consumers have placed freezes at all three bureaus or measures the resulting change in new-account fraud rates. The hypothesis that simultaneous three-bureau freezes produce measurably fewer unauthorized hard inquiries than fraud alerts alone is logically sound but untested in any published study. Anonymized inquiry logs from the bureaus matched against consumer self-reports collected through IdentityTheft.gov could, in theory, show whether victims who froze all three files experienced fewer repeat incidents than those who relied only on alerts or credit monitoring. For now, policymakers are left to infer effectiveness from complaint trends and anecdotal reports.
Data on bureau compliance with the one-hour lift requirement is also thin. The statute sets a clear deadline for electronic requests, but consumers who encounter delays may never file a formal complaint, and those who do often describe the problem in narrative form that is hard to quantify. Without systematic audits or mandatory public reporting, it is difficult to know how often bureaus miss the mark or whether certain channels, such as phone-based requests, perform worse than web portals.
Researchers face additional hurdles. Privacy rules limit access to detailed credit-file information, and any large-scale study would need strict safeguards to prevent re-identification. Funding is another obstacle: freeze mechanics do not fit neatly into traditional financial-inclusion or macroeconomic research agendas, even though identity theft can destabilize household finances for years. As a result, much of the available literature focuses on data breaches and fraud losses broadly, rather than on the specific impact of freezes.
Despite these gaps, the policy logic behind free freezes remains intact. The cost to place and lift them has been driven to zero by law, the operational burden on bureaus is defined in statute and guidance, and the potential benefit to consumers facing rising identity theft is substantial. The next step is empirical: building the datasets and studies needed to confirm how often people use their right to freeze, how reliably the bureaus comply, and how much new-account fraud actually falls when consumers lock all three files instead of relying on partial measures.
Warren Cohen is a finance writer based in Phoenix, Arizona, covering personal finance topics including credit, banking, and beginner investing. He earned his degree in business administration from Arizona State University and began his career working in consumer finance, where he gained direct experience with lending and credit systems. He now writes for personal finance websites and fintech platforms, focusing on clear, practical content that helps readers make informed financial decisions.
