Online purchases with UK bank accounts often require this. Some banks use an OAuth-style redirect instead. I think the merchants get lower rates if they enable this feature (called "3D secure") because it lowers the risk of fraud.
It's basically 2FA for online transactions, which seems very sensible to me.
It's basically 2FA for online transactions, which seems very sensible to me.