by Ralz 5078 days ago
Which would be far less secure than just hashing the entire password. I don't think it takes long to generate a rainbow table based on one-character-long pass-phrases.

I seriously doubt they do this; storing a hash for every single character would eat up a lot of space very quickly. My guess is that they store your password in plain text. What bank is this, btw?

1 comments

Most UK banks do this (RBS, Co-op and Halifax all do, and I've heard reports that others do as well).
HSBC also did this. For business they use hard tokens. IIRC they were moving personal accounts to hard tokens too. I moved countries and lost access to my online account because of this (there was no money there; I tried to get them to send me a token to my new address, but the person I talked to was hard to understand and the token never arrived).
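The top comment's point about hashing each character separately, as an added example that is not part of the thread and does not describe any bank's real system: even with a per-position salt and a slow KDF, each stored record has only 95 possible inputs, so the cost of recovering the whole password grows linearly with its length instead of exponentially. The function names, salt, iteration count and sample password are all constructed for the illustration.

```python
import hashlib
import string

# 95 printable ASCII characters: digits, letters, punctuation and space.
ALPHABET = string.printable[:95]
ITERATIONS = 1000  # constructed value, kept low so the demo runs quickly


def char_digest(ch: str, position: int, salt: bytes) -> bytes:
    """Slow, salted hash of ONE character, bound to its position."""
    pos_salt = salt + position.to_bytes(2, "big")
    return hashlib.pbkdf2_hmac("sha256", ch.encode(), pos_salt, ITERATIONS)


def store_per_character(password: str, salt: bytes) -> list[bytes]:
    """Hypothetical storage scheme: one digest per password character."""
    return [char_digest(c, i, salt) for i, c in enumerate(password)]


def recover(records: list[bytes], salt: bytes) -> tuple[str, int]:
    """What anyone holding the stored records can do: test every
    candidate character for each position independently."""
    recovered, guesses = [], 0
    for position, record in enumerate(records):
        for candidate in ALPHABET:
            guesses += 1
            if char_digest(candidate, position, salt) == record:
                recovered.append(candidate)
                break
    return "".join(recovered), guesses


def whole_password_space(length: int) -> int:
    """Candidates to cover when the password is hashed as one unit."""
    return len(ALPHABET) ** length


if __name__ == "__main__":
    salt = b"constructed-salt"      # constructed sample value
    password = "c0rrect-Horse"      # constructed sample value
    records = store_per_character(password, salt)
    found, guesses = recover(records, salt)
    print(f"recovered {found!r} in {guesses} guesses")
    print(f"per-character worst case: {len(ALPHABET) * len(password)}")
    print(f"whole-password space:     {whole_password_space(len(password))}")
```

Salting and key stretching do not help here, because the weakness is the 95-value input space of each record rather than the speed of the hash.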