Having worked at an ML fraud prevention company, can confirm that this is a pretty standard part of a fraud prevention stack. It's essentially used to block credential stuffing. There's a high probability your bank also does this.
There's a difference between doing collecting data on your own site and doing it on third-party sites so banks are a bad example (unless your banks work differently than mine).
Banks only don’t do it on third party sites as they very rarely have third party endpoints. If they did, they would do it there too. If you want an example of another payment processor that does this - Authorize, PayPal, WorldPay will all do this too.
