Blog post

What is a Credit Privacy Number (CPN), and Why Are They Illegal?

Charlie Custer


May 28, 2024

We want to be clear right from the outset: credit privacy numbers (CPNs) are not a real thing. Using a CPN to apply for credit is a form of synthetic fraud, and is illegal. 

Unfortunately, though, scammers commonly sell CPNs to consumers as a way to repair poor credit. In this article, we’ll take a closer look at CPNs: what they are, what they are not, and why they are not a valid way to repair credit.

What is a CPN?

A CPN is a nine-digit number that looks just like a Social Security Number: XXX-XX-XXXX. Unlike a real SSN, though, CPNs are not issued or recognized by the government, and they are illegal to use on credit applications. 

CPNs are also sometimes called credit protection numbers or credit profile numbers. They are typically sold to consumers as a method of credit repair. CPNs can appear to “work” because applying for credit with a CPN can obscure a consumer’s true identity and the credit history that is associated with their real SSN. But make no mistake: using a CPN to apply for credit is fraud. 

In actuality, when a consumer buys a CPN they are actually buying either a completely made-up nine-digit number or a stolen SSN. 

SSNs vs. EINs vs. ITINs vs. CPNs

It can be easy to get confused about CPNs because there are several legitimate U.S. federal government identification numbers that share the same nine-digit format and aren’t SSNs.

The chart below should help highlight the differences between SSNs, EINs, and ITINs (which are all real federal government-issued numbers) and CPNs (which are not). 

Type of ID

What it is

What it’s for



Social Security Number (SSN)

A unique nine-digit ID number for US citizens, green card holders, and some other classes of immigrants, issued by the Social Security Administration (SSA).

Used for a variety of identification purposes, including filing taxes and applying for credit. 



Employer Identification Number (EIN)

A unique nine-digit ID number for businesses issued by the Internal Revenue Service (IRS).

Used for a variety of identification purposes such as filing taxes and applying for credit for a business.



(Individual) Taxpayer Identification Number (TIN or ITIN)

A unique nine-digit ID number for noncitizen individuals who are unable to obtain SSNs, issued by the Internal Revenue Service (IRS).

Used for a variety of identification purposes such as filing taxes and applying for credit for immigrants who are unable to obtain an SSN.



Credit Privacy Number (CPN)

A made-up nine-digit number or stolen SSN, typically sold by a scammer.

Used to hide an individual’s true credit history on credit applications – in other words, fraud.




Long story short: SSNs, EINs, and ITINs are all legitimate government-issued identity numbers, although they serve different demographics. 

CPNs are made-up numbers or stolen SSNs – they were not issued to their users by the government, and they have no legitimate uses. 

Warning for consumers: What’s the penalty for using a CPN?

Intentionally using anything other than your legitimate, government-issued identification number (SSN or ITIN if you’re an individual) is fraud, and illegal in all cases.  

The specific laws implicated through use of a CPN will vary depending on how it’s used, and on the provenance of the CPN. Many CPNs are legitimate SSNs that have been stolen – often from vulnerable groups such as children or the elderly – and using one of them could violate one or more identity theft-related laws.

In addition to a variety of ID-theft-related crimes, users of CPNs may also violate laws related to making false statements on credit applications. 

Warning for consumers: What to do if you’ve been sold a CPN?

First and foremost: do not use it! 

Second, report the scam to protect yourself and to protect future victims. There are a variety of official avenues for doing this. Here are some options to consider:

You should also consider reporting the scam to your local police department. While they may not be in a position to investigate or resolve the case, they may be able to take steps such as issuing PSAs to let people know about scams happening in your area.

Third, take steps to avoid CPN related scams in the future. In general:

  • Avoid anyone that is offering you a new credit identity.
  • Avoid anyone that asks you to lie about personal information on credit applications.
  • Avoid anyone that promises quick fixes for bad credit, or anything that sounds too good to be true.
  • Avoid anyone that instructs you to use anything other than a legitimate, government-issued SSN or ITIN on an individual credit application.
  • When in doubt, consult with official government sources to confirm a recommended action is legal. 

How can businesses detect CPNs?

In addition to putting individuals at risk of violating the law, CPNs also present a significant threat to businesses. Businesses frequently impacted by CPNs include:

  • Banks and financial institutions (FIs) – CPNs are used by consumers to obscure their true identity and access bank accounts and credit products (personal loans, credit cards, etc.). 
  • Property rental – CPNs are used by renters to obscure their true identity and pass the tenant screening process.
  • Auto lenders – CPNs are used by consumers to obscure their true identity when applying for vehicle loans. 
  • Telecommunications – CPNs are used by consumers to obscure their true identity when applying for smartphone payment plans. 
  • And much more – CPNs may be used to obscure consumer identities in any business that leverages SSNs to verify identities – this includes utilities, gambling and gaming, buy now pay later (BNPL) services, and more. 

Applications for credit containing a CPN may not be flagged by traditional ID theft detection solutions because they don’t fit the classic pattern of ID theft (in which a fraudster applies for credit using the name, DOB, and SSN of whoever’s identity they have stolen). An application from a person using a CPN may contain that person’s real name and date of birth, but the SSN field will have been filled in with the CPN, meaning that it could be a stolen SSN or any sequence of nine digits. 

Many businesses also rely on physical documents that don’t include the consumer’s SSN (such as drivers licenses) for ID verification, which can allow CPN identities to sneak through ID verification processes undetected.

Detecting this sort of synthetic fraud is difficult, particularly if your fraud detection solution can only access your company’s own internal application data. Often, it will be more effective to use a dedicated, third-party solution to detect synthetic fraud risk because these solutions can leverage data from their networks to see a bigger picture than any one company’s data can provide. 

SentiLink specializes in synthetic fraud detection at the point of application, helping financial institutions verify millions of customers and stopping thousands of attempted synthetic fraud instances every day. Leveraging our network of 400+ partners, which includes 10 of the top 15 US banks, 5 of the top 10 credit unions, and 30+ fintech unicorns, our sophisticated machine learning model can help you identify and prevent synthetic fraud much more accurately. We also offer eCBSV verification as a treatment option when synthetic identities are suspected.

Plus, when you encounter particularly tricky cases, you can consult with our highly-experienced fraud intelligence team, who spend every day tracking and identifying cases of synthetic fraud and ID theft.  

Book a demo today to learn more about how SentiLink can help you stop losing money to CPN-related fraud and onboard more legitimate customers at the same time.


Learn how we can help.

Schedule a demo with a fraud expert and evaluate our solutions.