When an account is reclaimed by the legitimate owner Ravelin should be notified that the account has been secured. This will prevent the account from being blocked due to activity that happened while the account was compromised.
We recommend telling us about the account reclaim either:
If you want to know more about how to reclaim an account, please read our developer documentation.
When we receive a reclaim event for a customer we reset all Account Takeover features. Only login activity which happens after the reclaim event will be used to build up those features again. For Payment Fraud all data is retained, including activity that happened before the reclaim.
In Connect, when an account is reclaimed we reset the network connections around the customer in question. We drop any connections that were seen in the account before the reclaim date. However, these will be rebuilt after the reclaim if the customer re-uses a device, email, card etc.
Reclaims have no effect on other customers' networks: it will reset the network for the reclaimed customer but for any other customer in that network the graph still shows the full network including the reclaimed account. Consequently, if the network is centred on a customer whose account hasn't been reclaimed you will see the full network including the accounts with reclaims. Whereas accounts that do have reclaims will show as customer nodes floating outside the main network.
On the customer profile if an account has been reclaimed you will see a banner with the reclaim date. In the audits tab you will also see an event for "Account reclaimed".
Account reclaim information is also visible in the network.
To reclaim an account, click the menu option on the top right of a customer profile and select Notify Ravelin of reclaim. This will then allow you to add how the account was reclaimed and who reported the account takeover. You can also leave a comment for additional context as part of this process.
You should only notify us of a reclaim if the customer’s account has been fully secured within your system which means their password has been reset and any tokens associated with that session have been revoked.