I think you’re operating with the right mindset.

Looking at the linked story, the trigger seems to have come from redeeming a gift card bought at a major retailer.

Even if the purchaser uses a legitimate store, the user can’t really know the full supply-chain history of a prepaid code, and that uncertainty alone creates room for unexpected flags.

For people who already have a credit card, gift cards are a fuzzy choice if the goal is simply to load balance onto an account.

Something somewhere in the chain probably tripped a rule — maybe fraud-related, maybe a processing anomaly — and from the outside it’s impossible for the user to see which.