If you're a programmer, you'd know there are ways to authenticate a transaction without giving away giving aways, or storing, the person who initiated the transaction. It's more difficult to do of course. So it's often not done.
The fact that it has always been like this doesn't mean it should continue. It's silly to have to explain this to a grown ass person.
Not agreeing with "it's always been like this" either.