Sarai Hannah Ajai *i*t* *h*r* Bank Business Online Banking — “Jeanie ATM Card x3091” Appearing Without Authorization

INCIDENT REPORT

Redacted

Suspected Unauthorized ATM Card Provisioning and Identity Theft Indicators

*i*t* *h*r* Bank Business Online Banking — “Jeanie ATM Card x3091” Appearing Without Authorization

Reporting Party: Sarai Hannah Ajai

Account Context: *c*ou*e*t*i*s (Business banking profile)

Primary Concern: A card record labeled “Jeanie ATM Card x3091” appeared inside the *i*t* *h*r* online banking “Security” settings and enabled a “Manage PIN” workflow, despite the Reporting Party stating she did not request, authorize, receive, or activate such a card.

 

1) Date, Time, and Method of Discovery

Date of discovery: February 3, 2026

Approx. time window (local): ~5:43 PM to ~5:49 PM

Discovery method: Login to *i*t* *h*r* online banking (**.com) → Settings → Security tab → “Manage PIN” section.

 

2) Location

Reporting Party’s residence (bedroom area), Fargo, North Dakota (exact address maintained on file by Reporting Party).

 

3) Evidence Reviewed (Uploaded Exhibits)

Exhibit A (Settings → Security screen)

Shows *i*t* *h*r* “Settings” page with Security tab selected.

Under “MANAGE PIN,” a card entry appears: “Jeanie ATM Card x3091”, with a “Manage PIN” link visible.

The page also displays a “Last Login: 07/16/2025 01:41pm” indicator (bottom-right).

This exhibit supports that:

1. the card record exists within the online banking profile; and

2. the system reflects a prior last-login timestamp visible at the time of discovery.

Exhibit B (Manage PIN page)

Shows *i*t* *h*r* “Manage PIN” page instructing: “Enter your current PIN followed by your new PIN.”

Displays fields for Current PIN, New PIN, and Re-enter new PIN, plus a customer service number.

This exhibit supports that the online banking session could reach a PIN-management workflow associated with the card record found in Exhibit A.

 

4) Statement of Facts (What Is Being Reported as Observed vs. Alleged)

A. Observed / Documented Facts (Supported by Exhibits)

1. On February 3, 2026, while logged into *i*t* *h*r* online banking, the Reporting Party navigated to Settings → Security and observed an entry for “Jeanie ATM Card x3091” under “Manage PIN.” (Exhibit A)

2. Selecting “Manage PIN” led to a dedicated “Manage PIN” page that allows PIN updates by entering a current PIN and a new PIN. (Exhibit B)

3. Exhibit A displays a prior “Last Login: 07/16/2025 01:41pm” indicator at the time the card entry was visible. (Exhibit A)

B. Reported by Reporting Party (Proven by exhibits; included as allegations/claims to be investigated)

1. The Reporting Party states she did not order, did not authorize, and did not knowingly activate any card labeled “Jeanie ATM Card x3091.”

2. The Reporting Party states she did not receive the referenced card through USPS delivery and did not receive a USPS Informed Delivery notification regarding the card.

3. The Reporting Party states she has not granted Power of Attorney, a Marriage License Certificate, or other authority to any tenant or third party to act on her behalf in connection with her banking, mail, devices, or identity.

 

5) Incident Narrative (Professional Summary)

On February 3, 2026, the Reporting Party logged into her *i*t* *h*r* Bank business online banking profile associated with *c*ou*e*t*i*s. During routine review of account settings, she navigated to Settings → Security and observed a card listing under “Manage PIN” labeled “Jeanie ATM Card x3091”, paired with an actionable “Manage PIN” link (Exhibit A). The Reporting Party states she did not request, authorize, or consent to issuance, delivery, or activation of any such card.

Upon selecting “Manage PIN,” the system presented a workflow that permits PIN management by entering a current PIN and setting a new PIN (Exhibit B). The Reporting Party interpreted the presence of this workflow, paired with the unexpected card listing, as an indicator that a card associated with her profile may have been created, added, or provisioned without authorization.

Exhibit A also displays a prior “Last Login: 07/16/2025 01:41pm” indicator. The Reporting Party states that, as of the last time she previously accessed the account, she did not observe any unauthorized additional card entries or PIN management prompts tied to an unfamiliar “Jeanie” card profile, and she is reporting this as a suspected unauthorized change to her banking profile and/or associated access devices.

 

6) Primary Risk Areas Identified (Analytical Assessment)

Because the card entry appears inside authenticated online banking settings, the following risk categories are implicated:

1. Unauthorized account access or account takeover indicators

o An unknown actor may have accessed the online banking profile (credentials compromised, session hijack, phishing, malware, or unauthorized device access).

2. Unauthorized issuance / provisioning of an access device

o A card added to the profile can be consistent with access-device fraud, particularly if the card was shipped elsewhere, intercepted, or activated via social engineering or compromised authentication.

3. Mail diversion / delivery interception risk (if a physical card was issued)

o If *i*t* *h*r* issued a physical card, an unauthorized actor could have exploited delivery pathways (misdelivery, interception, change-of-address fraud, or mailbox compromise).

o The Reporting Party specifically reports no USPS Informed Delivery notification and no receipt of such card.

4. Compromised authentication channels

o If phone/email was used to verify issuance, activation, or PIN changes, compromise of the Reporting Party’s authentication channels (phone number, email, device, or reset processes) becomes relevant.

 

7) Persons of Interest (Named Only as Allegations; Not Determined)

The Reporting Party identifies a nearby tenant, R*l*n*ia B*k*r (Unit 206), and/or unknown other tenant(s) as suspected based on ongoing issues and perceived patterns. This report does not assert guilt or certainty; it documents the Reporting Party’s stated suspicion for investigators to evaluate using objective records (bank logs, device logs, mail records, and law enforcement investigation).

 

8) Records and Data Preservation Requests (High Priority)

To properly investigate, the Reporting Party requests preservation of:

A. *i*t* *h*r* Bank records (internal fraud investigation / subpoena-ready)

Card issuance records for “Jeanie ATM Card x3091”: date created, method (online/phone/branch), shipping address, cardholder name details, and status history

Activation method (ATM, IVR/phone, online, branch), timestamps, and any verification steps used

Online banking login history: timestamps, IP addresses, device/browser fingerprints, geolocation approximations, failed login attempts

Any profile changes: added/removed cards, address changes, phone/email changes, security question changes, password resets

Call logs and recordings if any phone interaction occurred

Any alerts, risk scoring, or fraud flags associated with the account

B. USPS records (if a physical card was mailed)

Whether any mailpiece consistent with a bank card was processed for the Reporting Party during the relevant time period

Any Informed Delivery metadata (if applicable) and delivery anomalies

Mail theft indicators for the address/building if already documented

 

9) Potentially Applicable Laws (For Investigators; Not Legal Conclusions)

Note: The following are potentially relevant statutes commonly implicated by the facts as reported. Applicability depends on evidence (intent, identity of actor(s), jurisdiction, and investigative findings). This section is informational and investigatory in nature.

A. Federal (United States Code) — Potentially Implicated

Mail fraud — 18 U.S.C. § 1341 (U.S. Code)

Wire fraud — 18 U.S.C. § 1343 (U.S. Code)

Bank fraud — 18 U.S.C. § 1344 (U.S. Code)

Identity document / identity information fraud — 18 U.S.C. § 1028 (U.S. Code)

Aggravated identity theft — 18 U.S.C. § 1028A (U.S. Code)

Access device fraud (cards, account numbers, unauthorized devices) — 18 U.S.C. § 1029 (U.S. Code)

Computer Fraud and Abuse Act (CFAA) — 18 U.S.C. § 1030 (U.S. Code)

Theft or receipt of stolen mail matter — 18 U.S.C. § 1708 (U.S. Code)

B. North Dakota (N.D.C.C.) — Potentially Implicated

Unauthorized use of personal identifying information (identity theft) — N.D.C.C. § 12.1-23-11 (FindLaw)

Computer fraud / computer crime — N.D.C.C. § 12.1-06.1-08 (FindLaw)

Harassment (if additional evidence supports it) — N.D.C.C. § 12.1-17-07 (FindLaw)

Stalking (course of conduct standard; if evidence supports it) — N.D.C.C. § 12.1-17-07.1 (FindLaw)

Human trafficking statutes (separate, high-threshold allegations; require specific facts/evidence) — N.D.C.C. ch. 12.1-41 (North Dakota Legislative Branch)

Identity theft victim remedies / judicial determination framework (civil/remedial) — N.D.C.C. ch. 51-31 (FindLaw)

 

10) Clarifying Notes on Technical Claims (Kept High-Level for Safety and Forensics)

The Reporting Party reports concerns that her devices (Apple Mac mini M1 / iPhone 17) may have been accessed without authorization in a manner that could support impersonation or account compromise. At this time, the mechanism (malware, credential theft, social engineering, SIM/number takeover, or other unauthorized access) is not determined and should be evaluated through bank logs and, if needed, forensic review of devices and authentication channels.

 

11) Requested Outcomes (What the Reporting Party Is Asking Authorities/Institutions To Do)

1. Immediate fraud investigation by *i*t* *h*r* Bank into the origin and lifecycle of “Jeanie ATM Card x3091,” including issuance, delivery destination, and activation pathway.

2. Immediate access hardening and review of all authentication factors and profile-change logs.

3. Preservation of records for law enforcement and any pending administrative/civil matters.

4. Investigation of possible mail diversion or interception if a physical card was mailed.

5. Formal documentation that the Reporting Party disputes authorization, issuance, receipt, activation, and PIN association for the referenced card.

 

12) Certification (Reporting Statement)

I, Sarai Hannah Ajai, declare that the above report is true and accurate to the best of my knowledge and reflects my observations, the uploaded exhibits referenced herein, and my good-faith allegations for investigation.

Prepared on: February 3, 2026

Reporting Party: Sarai Hannah Ajai







