I asked my bank about their 16 character limit on password length because it suggests they are saving the password rather than some kind of hash. Their response - don't worry about it, you aren't responsible for fraud.
Banks aren't going to want to implement any changes that cost more (in system changes and customer support) than the fraud they prevent.