Close Sign Up Share Page Print Take Poll Provide Feedback

Sign Up

Share Page


West Virginia

West Virginia State Victim Resources:

Attorney General
Phone: (304) 558-2021

Agencies that offer assistance to IDT victims:

Legal Aid of West Virginia, Inc.                                                        
Program Phone: (304) 343-3013   
Legal Assistance: (800) 642-8279

Security Freeze Law:

All West Virginia consumers are allowed to place security freezes on their consumer credit reports to prevent others from opening new accounts in their names. Such a freeze enables the consumer to prevent anyone from looking at his/her credit file for the purpose of granting credit unless the consumer chooses to allow a particular business look at the information. To request a freeze, an identity theft victim may request one in writing by certified or overnight mail to the credit reporting agencies or use a a secure electronic method provided by the agencies. Credit reporting agencies may charge $5 for each security freeze, removal of a security freeze, or temporary lifting of a freeze for a period of time. However, victims of identity theft with a valid police report may not be charged.

The reporting agency must place the freeze within five business days after receiving the request, and within ten days must send a written confirmation of the freeze and provide the consumer with a unique personal identification number or password to be used by the consumer when providing authorization for the release of his credit for a specific party or period of time. Requests for a temporary unlocking of the freeze must be completed within three business days. However, temporary unlocking must be completed within 15 minutes if the consumer's request is received through an electronic contact method or by telephone, during normal business hours.
Statute: §4-A-6L-101 through 105:

How to Place a Freeze in West Virginia:

Mandatory Police Report Law for Identity Theft Victims:

No State law at this time.

Identity Theft Passport Law:

No State law at this time.

Identity Theft Laws:

Any person who knowingly takes the name, birth date, Social Security number or other identifying information of another person, without the consent of that other person, with the intent to fraudulently represent that he or she is the other person for the purpose of making financial or credit transactions in the other person's name, is guilty of a felony, punishable by up to five years in prison and/or a fine of up to $1000.

These provisions do not apply to any person who obtains another person's driver's license or other form of identification for the sole purpose of misrepresenting his or her age.
Statute: §61-3-54.

Other Related Laws:

Payment Cards

It is unlawful for any person knowingly to obtain or attempt to obtain credit, or to purchase or attempt to purchase any goods, property or service:

  • By the use of any false, fictitious or counterfeit credit card, telephone number, credit number or other credit device;
  • By the use of any credit card, telephone number, credit number or other credit device of another beyond or without the authority of the person to whom it was issued;
  • Where such card, number or device has been revoked and notice of such revocation has been given to the person to whom issued.

Violations are a felony, punishable by one to ten years in prison and/or a fine up to $2500, if the value of the credit, goods, property, service or transmission is over $1000. If it is below $1000,

it is a misdemeanor, punishable by up to one year in jail and/or a fine of $2500.

Any person who traffics in or attempts to traffic in ten or more counterfeit credit cards or credit card account numbers of another in any six-month period is guilty of a felony, punishable by one to ten years in prison and/or a fine up to $2500.
Statute: §61-3-24a.

Scanning Devices

State law prohibits the use of a scanning device or re-encoder that is used to obtain or record encoded information from the magnetic strip of a payment card without the authorization of the authorized user and with the intent to defraud the authorized user, the issuer of the card, or a merchant. Scanning devices are defined as a scanner, reader, or any other electronic device that is used to access, read, scan, obtain, memorize, or store, temporarily or permanently, information encoded on the magnetic strip or stripe of a payment card. A reWest encoder is an electronic device that places encoded information from the magnetic strip or stripe of a payment card onto the magnetic strip or stripe of a different card. Violations are a misdemeanor, punishable by up to a year in jail and/or a fine of up to $1000 for use of a scanner and $2500 for use of a re-encoder. Subsequent violations are a felony, punishable by one to three years in jail and/or a fine up to $5000.
Statute: §61-3-56.

Security Breach

State law requires state agencies and businesses operating in the state that own or license computerized data that include consumers' personal information to notify consumers when their personal information is compromised during a security breach, putting them at risk of identity theft. A security breach occurs upon the "unauthorized access or acquisition of unencrypted and unredacted computerized data that compromises the security or confidentiality of personal information maintained by an individual or entity as part of a database of personal information regarding multiple individuals and that causes the individual or entity to reasonably believe that the breach of security has caused or will cause identity theft or other fraud to any resident of this state."

Disclosure must occur to any resident of the state whose unencrypted and unredacted personal information was, or is reasonably believed to have been, accessed and acquired by an unauthorized person, and that causes, or the individual or entity reasonably believes has caused or will cause, identity theft or other fraud to any resident. The disclosure must be made in the most expedient time possible, and without unreasonable delay, consistent with legitimate needs of law enforcement.

Personal information means an individual's first name or first initial and his/her last name, linked to any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted: Social Security number; driver's license or state identification card number; or financial account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to the individual's financial account. Publicly available information is not included. Notification can be provided to the affected persons by mail, telephone, or e-mail. If the cost of providing regular notice would exceed $50,000, the amount of people to be notified exceeds 100,000, or the entity or business does not have sufficient contact information, substitute notice may be provided. When substitute notice is used, it must consist of all of the following, as applicable: e-mail notice, conspicuous posting on the entity's web site, and notification to statewide media. If the entity is required to notify more than 1000 people, they must also notify all national consumer reporting agencies.

The notice must include, to the extent possible, a description of the categories of information that were reasonably believed to have been accessed or acquired by an unauthorized person; a telephone number or Web site address that can be used to contact the entity for additional information; and the toll-free contact telephone numbers and addresses for the major credit reporting agencies and information on how to place a fraud alert or security freeze.
Statute: §


Information gathered from sources including Identity Theft Resource Center and Identity Crime in partnership with International Association of Chiefs of Police and Bank of America.