Criminals create fake accounts and use stolen credentials to defraud banks. The problem of stolen credentials is partly solved by 2FA, but banks have measured that 2FA annoys users and makes them less likely to complete transactions. As a middle ground between imposing 2FA on users and being defrauded frequently, banks buy browser fingerprinting services (e.g., ThreatMetrix, Trusteer, Kount, Iovation, Easy Solutions, ...). If the user's fingerprint matches their database and looks normal, they pass the login through (takes ~100ms, mostly invisible to user). If the user looks suspicious, they escalate to 2FA or some other login verification that criminals cannot pass.
Apps do the same thing. It's all to help gauge whether you're a legit human or a criminal bot.