Perhaps "no bank" that you use, but every bank that I use asks for my full password on every login.

I used to work in website anti-fraud, and have worked with banks around the world, and the only banks I've come across that did the '3rd and 7th character' thing were a few of them in the UK. It's possible that's changed in the past few years, but it's not something I've seen at any of my banks in either Australia or the US. In fact, one Australian bank has a maximum 6 character password - without symbols or caps... Go figure... (I closed my account with that bank long ago!)

Even then, none of these measures stop a man-in-the-middle attack, where the attacker lets you login successfully, and then uses your session to do whatever they want to do.