PanicStation.org
UK USA
uk Money & financial emergencies new authorised user on account • unknown additional cardholder • someone added to my credit card • extra card i did not request • strange name on my account • authorised user appeared suddenly • credit account permissions changed • credit card account takeover • new user on online banking • unfamiliar person on card account • unexpected additional card issued • address changed on credit account • identity fraud warning sign • credit report shows new link • suspicious account access • card account security breach

What to do if…
a new authorised user appears on one of your credit accounts

Short answer

Treat this as urgent account takeover until proven otherwise: contact the card provider/lender’s fraud team immediately to remove the authorised user, cancel any extra cards, and secure your account.

Do not do these things

  • Don’t “wait to see” if anything else happens — the fastest fixes happen when you report immediately.
  • Don’t message or confront whoever you suspect from your usual phone/email accounts (they may be compromised).
  • Don’t share screenshots of your account page (they can reveal partial numbers, addresses, or security details).
  • Don’t close the account in-app without speaking to the provider first — you may lose a clear dispute trail and safer replacement options.
  • Don’t assume it’s “just a credit file error” if the user appears inside your lender’s own account view.

What to do now

  1. Get to a safer login (and lock down access).

    • If your provider offers it, freeze/lock the card in-app.
    • From a device you trust, change the password on the lender account and your email account (email is the reset key).
    • Turn on two-step verification where available, and check your email settings for unfamiliar auto-forwarding rules or unknown devices.

  2. Call your provider/lender’s fraud team (use the number on the back of the card or the provider’s official website). Ask them to do all of the following while you’re on the call:

    • Remove the authorised/additional user and cancel any additional cards already issued.
    • Confirm whether there were recent changes to postal address, phone number, email, contact preferences, app logins/devices, and credit limit.
    • Ask for the exact date/time the user was added and how (online banking, phone, branch, written request).
    • If there’s any sign of compromise, ask them to replace your card number (not just send a replacement card).
    • Add extra account protections if offered (for example a telephone passphrase or “extra verification” note).

  3. Check transactions and stop further loss.

    • Review recent transactions and flag anything you didn’t authorise.
    • Ask what can be stopped immediately (for example, pending items, merchant blocks, card number replacement) and start their unauthorised transaction process.
    • If any direct debits/continuous payment authorities look unfamiliar, ask what can be stopped right now.

  4. Check your credit report with the main UK credit reference agencies.

    • Check Experian, Equifax, and TransUnion (and if you already use a service that also shows Crediva, check that too).
    • Look for new credit applications/searches, new accounts, unfamiliar addresses, or unexpected “links/associations”.
    • Dispute anything you don’t recognise with both the agency and the lender shown on the entry. Keep a simple timeline (date, who you spoke to, what was agreed).

  5. Add an extra layer of identity-fraud protection.

    • Consider Cifas Protective Registration if you believe your details may be used to apply for credit. (A fee applies and it runs for a fixed term.)
    • Where available, ask the credit reference agency about adding extra verification to your file (for example a short statement/notice or other protection features they offer).

  6. Make the right fraud report for where you live (so you have a reference if needed).

    • If you’re in England, Wales or Northern Ireland, report identity fraud via Report Fraud (the national reporting centre).
    • If you’re in Scotland, report it to Police Scotland (for example via 101 or their online reporting/contact options).

  7. If the provider isn’t resolving it, use the formal complaint route.

    • Tell the provider you want this treated as unauthorised access/fraud and ask them to confirm next steps in writing (secure message/email/letter).
    • Make a formal complaint to the provider. If you receive a final response, or it’s been 8 weeks without one, you can escalate to the Financial Ombudsman Service (time limits apply after a final response).

What can wait

  • You do not need to decide today whether to close accounts, switch banks, or change every financial product.
  • You do not need to buy paid “identity protection” services in the first hour to be safe.
  • You can wait to do a full password reset of every account once the lender account and your email are secured and the authorised user is removed.

Important reassurance

Seeing a new authorised/additional user is alarming, but it can happen through fraud, error, or someone misusing access. Acting quickly and methodically (secure access → call fraud → check credit report → report appropriately for your nation) is usually enough to stop further damage and create a clear record.

Scope note

This is first-steps guidance to stabilise the situation and prevent avoidable harm. Any longer disputes about liability, refunds, or credit-report corrections may need the lender’s formal process and (sometimes) independent complaint resolution.

Important note

This guide is general information, not legal or financial advice. If money is actively leaving your accounts or you feel unsafe, prioritise immediate security and urgent contact with your card provider/bank.

Additional Resources
Support us