What kind of attack is thwarted by a randomized PIN pad on a website?

I've been putting some order in my security setup, following the latest LastPass hacks. One of the financial institutions I deal with imposes a PIN, which can only be entered by clicking on a digital PIN-pad, where the placement of digits is randomized. What kind of attack is this measure designed to thwart? Is this type of attack common, and a significant source of risk? This institution is the only place I've seen this.

For context, I'm familiar with physical …

attack clicking cybersecurity deal digital financial financial institutions hacks institutions lastpass latest measure order pin pin pad risk security website