The aftermath of a successful impersonation, where one occurs, is a process. It is rarely instantaneous; the principal does not typically discover what has happened in the moment, and the provider does not typically respond in the moment when the principal discovers it. The intervening time is part of the consequence.

Providers' procedures for unwinding the consequences of an impersonation vary. Some are well-developed and quick; others are slow and contested. The variables include: whether the provider considers the impersonation to have been their failure or the customer's; whether the consequences are reversible by ordinary means; whether the provider has a fund or process for compensating the customer; and whether the matter touches on third parties whose participation is required.

The principal whose affairs are managed with care will have considered this in advance. The relationships with providers that matter will include a point of contact at a more senior level than the helpdesk; the principal will know the procedures for restoring the account and the timelines they typically take; the principal will have records of the configuration that should be restored, in case the provider's records of it have been altered.

Where the impersonation has produced consequences outside the provider's own systems, the work is more involved. The transactions that should not have been made; the messages that should not have been sent; the parties who should not have been contacted: each has its own remedy, which depends on the procedures of the entity that received the unauthorised action.

The desk works on this kind of matter from a particular angle. It is not, in itself, the principal's bank or telephone company; it is the desk that has, before any incident, ensured that the relationships with those providers are configured so that, if the moment comes, the response can be quick, considered, and within the principal's control. Most of the work happens before. The work after is materially easier as a result.