Reading from different sources about this subject, I find it "strange" (to say the least) about how UK-based financial organization understand the concept of IT Security. It reminds me of several scenes from Fawlty Towers. In one article, it is stated that "One of these involved the PAN numbers - the 16 digit card number sequence used to identify all debit cards. Tesco Bank inadvertently issued debit cards with sequential PAN numbers."
"squential numbers". Oh, this is not just "stupid". This is just "asking for it" and is very much like building a house but without a roof or door.
I do hope that the person who thought of this got a promotion.