Bet: it's all about gathering and selling customer data. Since they are active in Europe, I wonder if they've thought about the GDPR consequences of this?
Keeping to Hanlon's Razor, my bet is one of two things:
1. It really is intended for fraud prevention, and the incompetence lies primarily in the lack of communication to customers how & why it is built the way it is; or
2. It's just really shitty code that calls home all the time just because the dev team didn't think through what they were doing, were just doing the quickest thing that met a requirement, and the company has no mechanism/staffing to truly vet the implementation.
Based on my experience in corporate applications, I suspect #2 might be closest to reality. Could also be a combination of the two.
New York... when civilization falls apart, remember, we were way ahead of you. - David Letterman