FWIW Steam and Origin do this too, as will most digital storefronts run by big companies in many scenarios. Others (like Amazon!) have other systems to prevent this (cooldowns, or delays in any transactions beyond X number until they've had the purchase method validated)
Fraud prevention, specifically for compromised accounts & credit card theft (mostly the latter) is a BFD in terms of time, money and customer trust. Most (in my experience, over 99%) legitimate purchase scenarios are going to be at the most three short term short order purchases. In areas of the 1% that it doesn't fall under, it's a high probability of some sort of purchase fraud.
It sucks if this is effecting legit customers, but in my personal opinion this is ultimately great design with bad but not horrific ramifications if it has a false positive. It would be cooler if there was a more elegant implementation (notifying a customer on their last purchase under X time series that hey, after this, no more buys until Y time has elapsed, or something akin to that) but this is Epic doing a "right thing", just not with the best execution.