I would not deny the claim on that alone. The burden of proof is on the bank and the fact that at some point in time a transaction was authorized, in no way means subsequent transactions would be authorized. You would need more evidence than that, how was the transaction completed, who signed on, what security measures were in place, etc. This is similar to a major bank that used that criteria in processing claims between consumers and merchants – “you have transacted business with this store in the past, therefore this transaction must have been authorized,” and that bank was cited with a major violation.
When it comes to third party programs and that party does not hold the deposit, ensure you review Reg E section 1005.14, as the claims requirement and liability for errors may not even be on your bank.