My bank's internet banking site enforces a pretty weird policy: it does not allow you to set a password that has anything but digits in it. The only reason I can imagine is that they are using not an industry-standard password hash function like say SHA-256 but some silly homebrew replacement that works only on digits. Does anyone have a better explanation? Mine is somewhat frightening, security-wise.
They are most likely considering all forms of user input (and need the password to work via other modes such as at an ATM or via phone touch-tone) and therefore limit it to just numbers. Of course the only way to be sure is to have them answer this question, but the scenario is not uncommon with banks that have consolidated remote banking functions onto one platform.
Edit: I remember a question very similar to this on SE (I think it was here in security) but searching isn't finding what I am looking for... Anyone else recall?