Identity Theft Recovery

IdentityTheft.gov — the FTC's official recovery site — builds personalized recovery plans and pre-fills the dispute letters; use it. What it doesn't lay out side by side is the money: the statutory liability tiers that decide how much of a fraud loss a bank can leave with a customer, and how those tiers move with the reporting clock. Pick what was used and when it was reported, and this page shows every tier — credit cards under 15 U.S.C. §1643, debit under §1693g, new accounts under the FCRA — with the scenario matching your answers highlighted and every figure cited to the statute. It shows the framework; your bank or card issuer applies these tiers under the law.

Two different statutes, two very different clocks

Credit cards and debit cards look alike in a wallet but sit under different federal laws. For credit cards, the Truth in Lending Act (15 U.S.C. §1643) caps liability for unauthorized use at $50 no matter when the loss is reported — and when only the number was used, not the card, federal guidance puts it at zero. For debit cards and bank accounts, the Electronic Fund Transfer Act (15 U.S.C. §1693g, implemented by Regulation E) steps the cap with the reporting clock: $50 when the loss is reported within two business days of learning about it, up to $500 through 60 days after the statement, and no statutory cap at all for transfers that happen after a statement showing fraud has gone 60 days without a report. That step from $50 to uncapped is the single most consequential fact in this corner of the law, and it is why the tool tags every option with its clock.

Start at IdentityTheft.gov — this tool covers what it doesn't

The FTC's IdentityTheft.gov is the official recovery resource: it builds a personalized, situation-specific recovery plan and pre-fills the dispute letters and the identity-theft affidavit. There is no reason for anyone to rebuild that, and this tool doesn't try. What it adds is the layer that site doesn't lay out side by side — the statutory liability grid, every tier visible at once with its citation and the verbatim statutory language, so the numbers a bank quotes can be checked against the law they come from. If a bank applies the tiers in a way that seems wrong, the dispute path runs through the bank itself and from there to the Consumer Financial Protection Bureau.

New accounts follow a third law entirely

When the fraud is a new account someone opened in your name, the card-liability statutes don't govern — there was no card of yours to misuse. The framework there is the Fair Credit Reporting Act's identity-theft block (15 U.S.C. §1681c-2): with an identity-theft report, which IdentityTheft.gov generates, the credit bureaus must block the fraudulent information from your file within four business days of receiving it. The FCRA also supplies the surrounding rights this tool tags with their clocks — a free one-year fraud alert that one bureau must refer to the other two (§1681c-1), free security freezes at all three bureaus, and free credit reports through the official centralized source (§1681j).

Find a lawyer Ask a free question

Disclaimer: NotALawyer.com provides general legal information, not legal advice, and is not a law firm. Using a tool does not create an attorney–client relationship. Laws change and vary by situation — verify anything important with the official source or a licensed attorney in your state.