Identity fraud could lead to loss of revenue, causes operational problems to e-tailers and damages the firm’s reputation. Most research in this domain focuses on the security technologies or system users’ security compliance related issues.. In this research, we direct attention to understanding the content and breadth of identity fraud prevention policies. We conducted thirty-three semi-structured interviews with employees and management of three large UK based e-tailers. It was found that while e-tailers have policies and other related arrangements that address information security and data theft prevention, they often lack policies on identity fraud prevention. Additionally, we found that the design of security policy awareness strategies, approaches to updating security policies, and enforcement of security compliance/audits, do not help prevent identity fraud. Based on this analysis, we developed the Identity Fraud Prevention Policies Framework (IFPF) to help e-tailers develop and implement better identity fraud prevention practices.