Cases are where the customer claims they do not know how their PIN was compromised, state it was memorized, but was guessed on the first fraud attempt. Activity is consistent with known fraud ring, images of prior customer use at ATM and the "claimed" fraud where the "unknown suspect" gets out of the customers auto. So when we deny, they reassert requesting documentation used to deny the claim. Just wondering if required to send images.