[jentulman]

In the UK I see it occasionally. Oddly enough it's mainly when I order food online.

It really peeves me that they are training people to accept entering sensitive information into something it would be so very easy to fake. There's nothing to prove that it is actually what it says it is. On top of that, if you forget your phrase the security question (the usual researchable ones) and answer sequence happens within the iframe without recourse to any external site or emails.

As other comments have said, none of this is for the customers benefit.