They probably get a lot of these issues and you'll find there's a smallish department that deals with this stuff. Before unlocking, aside from verifying your information and documents, which is relatively straight forward, there is a good chance they are also investigating how and when the fraudulent usage occurred, including IP addresses and their locations, type of usage (in line with your legitimate type of usage or different, i.e. could it have been you but you claimed fraud because you changed your mind or something), this info probably involves other departments, including IT, which needs to pull logs, so I think 7-14 days is probably a realistic timeframe, if they're not super backlogged.