So just to be clear. The bank ask for the nth digit of your password and compare it to what?
Doesn't this method of security (asking for 3 out of n digits/characters of your password) require that the password is itself stored in plain text or did I miss the bleeding obvious (yes, yes, I guess you could encrypt the password, but do you decrypt it into secure memory? and do you keep the encryption key safe?).
Paris as the dumb-blonde look may yet come back to haunt me :D