Making payments and seeing credit card information should require your password

In the case of token logging, one can accept losing their discord account. But if they have their credit card linked to the account, the attacker can easily see their info and steal it. What i propose, is that whenever you make a payment, you should be requested your account passsword (and 2fa code) before proceeding to the card list. That would make it so if the attacker token logs you, they cant see your card info or make payments.