I guess it's to prevent phishing. If you have to take all the steps yourself instead of clicking on a link from the e-mail, the chances of someone being able to hijack a link are smaller.
If it's always (1) click link, (2) enter credit card details. You are teaching your users to become victims of fraud.
If it's always (1) click link, (2) enter credit card details. You are teaching your users to become victims of fraud.