I can imagine that something like this happened:
1. Based on the disclosure, usage of multiple sessions was marked as possible fraudulent activity
2. When a new signal for fraudulent activity is added, accounts and transaction in the past are checked as well
3. OP's account comes up as fraudulent activities (ofcourse it does, he's the one who found it)
4. Nobody at Chase takes the effort to see what exactly happened here and that this account (or at least the specific transaction) should be excluded from positive results
Remember that Facebook reported the BBC to the police for telling them there was CP on their network [0]? I think something similar happened.
I work on a fraud team for a big loyalty program, and unfortunately, I can definitely see something like this happening within my organization. I don't think it's even necessary that this person's account got swept up when looking for similar transactions. It's very easy for the nuances of complicated situations like these to get lost as they pass through the organization.
Eventually the issue could've been forwarded to a lower level employee who spends 99.9% of their time reversing fraud caused by unrelenting fraudsters, and so they figured that must be what's going on here too. So they closed the account, closed any connected accounts, and sent a generic sternly worded email.
But equally likely is that Chase deliberately and short-shortsightedly thought, "this sort of shit just isn't something we want our customers to be doing; get rid of him."
This appears to suggest otherwise: "about a week later they followed up with an email which legally I cannot disclose as they have been quite hostile with me."
Remember that Facebook reported the BBC to the police for telling them there was CP on their network [0]? I think something similar happened.
[0] https://gizmodo.com/bbc-tells-facebook-about-child-porn-on-t...