If you’ve ever sat in a dentist’s chair and been handed a clipboard with a “CareCredit application,” you’ve been on the receiving end of one of the most quietly aggressive consumer-credit sales channels in American medicine. The CareCredit program — a healthcare credit card issued by Synchrony Bank — is offered through more than 250,000 dental, medical, veterinary, and cosmetic-surgery offices across the country. In normal use, you fill out the application, you sign it, and Synchrony makes the credit decision. But a recurring pattern shows up in consumer complaints and legal-advice forums: medical offices that complete the application for the patient, run the credit check without authorization, and charge thousands of dollars in services the patient never agreed to. A New York mother who shared her story on r/legaladvice this month described exactly that — a dentist office that opened a CareCredit account in her name with a falsified income figure and the wrong driver’s license number, then charged it $4,500 for an implant surgery she hadn’t agreed to and hadn’t received. This guide walks through what the law actually says when a medical office opens a credit account in your name without consent, what to do in the first 48 hours, and the longer recovery path.

The Reddit thread that triggered this article

A user on r/legaladvice posted a detailed account of going to a Manhattan dentist for severe molar pain while pregnant. The dentist told her to wait until after the pregnancy for an implant. A “care coordinator” then pressured her to apply for CareCredit during a phone call:

“She kept pressuring me to apply for ‘CareCredit’, a medical credit account. She asked for my SSN and said it was only a ‘pre-authorization’ that would not affect my credit. She ran it, then said I was approved.”

“That made me look more closely at the CareCredit email they sent me. The office had completed an application for me, that I never signed, using false information, including the wrong driver’s license number and claiming I make $11,000/month. (I don’t.)”

“Then CareCredit told me the dentist had already charged $4,500 to the account for implants and surgery I never agreed to, never signed for, and never received.”

— Reddit user, r/legaladvice, November 2025

The thread drew almost 6,000 upvotes and dozens of detailed comments from people who said they’d been through nearly identical experiences. The pattern is consistent enough that it has a legal name — unauthorized credit application — and it sits at the intersection of federal consumer-credit law, state deceptive-practice law, and state professional-licensing law. Here’s what each of those frameworks actually says.

The federal law: opening a credit account in your name without consent is identity theft

The legal threshold for “identity theft” under federal law is lower than most people assume. Under the Federal Trade Commission’s identity-theft framework, identity theft happens any time someone uses your personal information — name, Social Security number, date of birth — to apply for credit, open accounts, or obtain services in your name without your authorization. It doesn’t require that the person who used your information was a stranger; a dentist’s office that submits a credit application on your behalf with false income figures meets the definition.

Three federal statutes give consumers rights here:

  • The Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681. When you discover an unauthorized account, you have the right to dispute the account directly with the credit bureaus (Equifax, Experian, TransUnion) and with the credit issuer. The credit reporter has 30 days to investigate and remove the unauthorized account from your file if the investigation supports your dispute. The Consumer Financial Protection Bureau’s plain-language guidance on disputing unauthorized accounts walks through the dispute process.
  • The Equal Credit Opportunity Act (ECOA), 15 U.S.C. § 1691. A creditor cannot open an account based on a third party’s representation of you without your authorization. If a credit application is submitted with your name and SSN but you never signed it, the resulting account is voidable.
  • The Truth in Lending Act (TILA), 15 U.S.C. § 1601. Requires the consumer to receive written disclosures and to authorize the extension of credit. A credit account opened without the consumer’s authorization fails TILA’s authorization requirement and the underlying obligation is unenforceable.

The FTC’s IdentityTheft.gov portal is the federal one-stop intake site. Filing a report there generates a recovery plan and an Identity Theft Affidavit (a sworn document creditors must accept). Most credit issuers, including Synchrony Bank, require the affidavit before they’ll close a disputed account and reverse the charges.

What CareCredit and Synchrony Bank actually have to do

CareCredit is the consumer brand; the issuing bank is Synchrony Financial, a publicly traded financial holding company headquartered in Stamford, Connecticut. Synchrony issues most U.S. retail and healthcare-financing credit cards and operates a fraud department staffed for exactly this fact pattern. Synchrony’s fraud protection page documents the process: report the disputed account by phone, submit a fraud affidavit, and Synchrony freezes the account pending investigation.

The bank’s investigation typically focuses on three questions:

  • Did the cardholder submit or authorize the application? (Documented by signed application or recorded consent.)
  • Did the application contain accurate information? (Income, SSN, driver’s license number, date of birth all match the consumer’s actual identity.)
  • Did the consumer receive the goods or services charged to the account?

A “no” answer to any of the three triggers Synchrony’s full fraud-investigation protocol. The consumer is not liable for the disputed amount during the investigation under the Fair Credit Billing Act, 15 U.S.C. § 1666, and Synchrony cannot report the disputed account as delinquent to the credit bureaus while the investigation is pending.

State law: New York General Business Law § 349 and the broader picture

The federal consumer-credit framework runs in parallel with state law. In New York — the state where the r/legaladvice user said the dentist was located — General Business Law § 349 makes “deceptive acts or practices in the conduct of any business” unlawful and creates a private right of action with actual damages, statutory damages of up to $1,000 per violation, and attorney’s fees for prevailing plaintiffs. Submitting a credit application with false income information is a per se § 349 violation in most reported cases. The New York Office of the Attorney General accepts consumer-fraud complaints and has the authority to pursue separate civil enforcement under § 349.

Most states have an analogous Unfair and Deceptive Acts and Practices (UDAP) statute. The names vary — California has the Unfair Competition Law (Business & Professions Code § 17200); Texas has the Deceptive Trade Practices Act (Business & Commerce Code § 17.41 et seq.); Florida has the Florida Deceptive and Unfair Trade Practices Act. The substantive standard is similar across states: a business cannot make material misrepresentations or omissions in connection with a consumer transaction. Submitting an unauthorized credit application on behalf of a consumer using falsified information falls squarely within the prohibited conduct.

Professional licensing: the dental board complaint

Beyond consumer-credit law and state UDAP, dental offices that engage in unauthorized credit-application conduct face professional licensing exposure. Every state’s dental licensing board has authority to discipline licensees for unprofessional conduct, fraud, and patient-financial-protection violations. In New York, the dental licensing board sits within the State Education Department’s Office of the Professions, and complaints can be filed at op.nysed.gov.

The licensing-board complaint is one of the highest-leverage actions a consumer can take. Dentists with a clean disciplinary record have a strong professional incentive to resolve a board complaint quickly. The board can require remediation, fine the licensee, suspend the license, or refer to criminal authorities. Even a complaint that doesn’t result in formal discipline becomes part of the licensee’s record and informs future regulatory scrutiny.

What to do in the first 48 hours

The sequence below is the standard recovery playbook recommended by consumer-protection attorneys and the CFPB. Each step protects against a different downstream harm and the order matters — credit-freeze first, then disputes, then complaints.

  1. Freeze your credit at all three bureaus. A credit freeze blocks any new accounts from being opened in your name. It’s free, takes about 15 minutes at each bureau, and you can lift it temporarily when you legitimately need new credit. The FTC’s credit freeze FAQ walks through the process. The relevant URLs are Equifax, Experian, and TransUnion’s freeze portals — each takes a few minutes.
  2. File an identity theft report at IdentityTheft.gov. Generates the federal Identity Theft Affidavit. Print and keep copies; you’ll need them.
  3. Call the credit issuer’s fraud line. For CareCredit / Synchrony, that’s the Synchrony fraud line. Report the unauthorized account, submit the affidavit. Synchrony freezes the account pending investigation.
  4. Dispute the account with each credit bureau. Equifax, Experian, and TransUnion each accept disputes online. Provide the Identity Theft Affidavit, the police report (see step 5), and supporting documentation. Under the FCRA, the bureau has 30 days to investigate.
  5. File a police report. Identity theft is a crime. The police report — even if local police don’t actively investigate the dentist office — is required documentation for the bureaus’ dispute process and for civil litigation.
  6. File a complaint with the state attorney general. For New York, that’s ag.ny.gov‘s consumer complaint portal.
  7. File a complaint with the state dental licensing board. The licensing-board complaint is the action that creates the strongest incentive for the office to resolve the dispute quickly.
  8. Save every document. Email correspondence, the original treatment plan, the CareCredit application showing the falsified information, the appointment notes — preserve them in a folder with dates. They become evidence for everything downstream.

What this means for the office’s enforcement of the $4,500

The dental office cannot legally collect the $4,500 from the consumer when (a) the consumer did not sign or authorize the credit application, (b) the application contained falsified information, and (c) no services were actually performed. The legal grounds for non-collectibility stack:

  • The credit agreement is voidable for lack of consent (basic contract law).
  • The services billed were never rendered, so the underlying debt fails the basic consideration requirement.
  • The application contained material misrepresentations submitted by the office, not the consumer — making the office’s conduct fraud as a matter of common law and likely as a matter of state UDAP.
  • The FCRA and ECOA framework prohibits the credit issuer from holding the consumer liable for an unauthorized account.

If the office attempts to send the disputed amount to collections, the consumer has additional protection under the Fair Debt Collection Practices Act, 15 U.S.C. § 1692, which prohibits collectors from attempting to collect debts the consumer has properly disputed. The CFPB’s guidance on consumer rights against debt collectors details the dispute procedure.

Civil litigation: when an attorney is worth retaining

For straightforward cases — the disputed amount is resolved through the bureau-dispute process and the licensing-board complaint — most consumers won’t need to retain an attorney. The amount in controversy ($4,500 in this scenario) is below the small-claims-court threshold in many states. For larger amounts, recurring fraud patterns, or cases where the consumer’s credit score has been damaged by an unauthorized account, a consumer-protection attorney with FCRA experience is the right call. Most consumer-protection attorneys handle these cases on a fee-shifting or contingency basis because the FCRA and state UDAP statutes shift attorney’s fees to the prevailing plaintiff.

The state bar’s consumer-protection referral service is the right starting point. For New York specifically, the New York State Bar Association runs a lawyer referral service that screens for case-type specialty. For other states, the equivalent state-bar referral service is the analog.

The broader pattern: CareCredit complaints have been an FTC concern for years

The unauthorized-CareCredit-application pattern is not new. In 2013, the CFPB ordered CareCredit to refund up to $34.1 million to deceived consumers following an investigation that found CareCredit had been issued through medical and dental offices in ways that consumers didn’t understand were credit transactions — including office staff who described the program as a “no-interest payment plan” rather than as a deferred-interest credit card. The 2013 order required CareCredit to reform its enrollment process and added consumer-disclosure requirements that remain in place today.

The regulatory framework has improved since 2013, but the enforcement profile suggests the pattern persists in individual offices. When consumers find themselves in the Reddit user’s situation, the playbook above is the structured response that has worked in case after case.

Bottom line

A medical office that completes a credit application on your behalf with falsified income, charges your unauthorized account for services you never received, and tries to enforce the resulting debt has committed multiple federal and state law violations. The consumer’s recovery path is well-established: credit freeze, IdentityTheft.gov affidavit, Synchrony fraud report, bureau disputes, police report, AG complaint, licensing-board complaint. The $4,500 is not legally collectible when the application was unauthorized and the services were never rendered. The office’s exposure runs through professional licensing, FCRA private action, state UDAP, and potential criminal fraud. The consumer’s exposure runs to zero if the recovery playbook is executed in the first 48 hours.

Frequently asked questions

Can a dentist’s office open a CareCredit account in my name without my consent?

No. Federal law (the ECOA, TILA, and FCRA) requires consumer authorization for any credit application. A CareCredit application submitted by an office without the consumer’s signature, or with falsified information, creates an unauthorized account that’s voidable and that the consumer isn’t liable for. The conduct also violates state Unfair and Deceptive Acts and Practices statutes and, in many states, state identity-theft criminal statutes.

What do I do if I find out a medical office charged my CareCredit for services I never received?

Run the 48-hour playbook: freeze your credit at all three bureaus, file an Identity Theft Affidavit at IdentityTheft.gov, report the unauthorized account to Synchrony’s fraud line, dispute the account with the credit bureaus, file a police report, file complaints with the state Attorney General and the dental licensing board, and preserve all documentation. The disputed amount is not legally collectible during the investigation, and the office cannot report you to collections for the disputed balance.

Am I liable for the charges on an unauthorized CareCredit account?

No. Under federal Fair Credit Billing Act § 1666 and the underlying FCRA framework, you are not liable for charges on an account that was opened without your authorization. The credit issuer cannot report the disputed account as delinquent during the investigation, and the issuer must reverse the charges if the investigation confirms the account was unauthorized.

Should I get a lawyer for this?

For straightforward cases under $5,000 where the bureau-dispute process and licensing-board complaint resolve the matter, most consumers don’t need an attorney. For larger amounts, credit-score damage that affects employment or housing, or cases where the medical office continues to attempt collection, a consumer-protection attorney with FCRA experience is the right call. The FCRA and state UDAP statutes shift attorney’s fees to the prevailing plaintiff, so most consumer-protection attorneys handle these cases on fee-shifting or contingency arrangements.

What’s the difference between identity theft and unauthorized credit application?

Unauthorized credit application is one category of identity theft. The federal Identity Theft framework at IdentityTheft.gov treats any unauthorized use of your personal information to obtain credit, services, or government benefits as identity theft — whether the person who used your information was a stranger or a business you trusted with your data. The recovery process is the same in both cases.

Sources

Featured image: photo by Martha Dominguez de Gouveia on Unsplash.

This article is general legal information about consumer rights when a medical office opens a credit account without authorization. It is not legal advice and is not a substitute for case-specific evaluation. If you believe a medical or dental office has opened a credit account in your name without consent, run the 48-hour playbook described above and consider consulting a consumer-protection attorney in your state for case-specific evaluation. Most consumer-protection attorneys offer free initial consultations.