If the bank is indeed salting and hashing the password, then what's the rationale of allowing certain special characters like '!', but not '+'? Hashing and salting should be character agnostic.
Some special characters are not processed as one might expect, particularly by implementations of languages such as COBOL, which is still used on the server side by many banks, insurance companies and government agencies where consistency is paramount.
"#" can mean phone number
"+" or "&" can mean concatenate variables
It is vastly easier to screen out possible problems at the user/browser level than rewrite zillions of lines of legacy code.
"#" can mean phone number "+" or "&" can mean concatenate variables
It is vastly easier to screen out possible problems at the user/browser level than rewrite zillions of lines of legacy code.