Authenticating by using some letters from the password

How do banks authenticate users just开发者_如何学运维 by asking some letters of the password. Does is mean that hashes of those individual words are stored in the database, and if yes then would not it make it very vulnerable to break those passwords. Can you please give me some insight in how they do it.

Thanks

It does not matter if they hash this information or not. This way of proceeding is totally unsafe and makes the system very weak. So, the way they do it is really the 'wrong' way.