I am developing a banking demo application. In my region users log-in to their bank website and do some transaction based on two fields that they have(You can assume two passwords- we call them cvv2 and Second-Password). These two passwords are only using for internet or mobile transactions.
I am sure that they do not save these passwords in database; because if they save these passwords in database, then the database administrator can use them and do fake transaction without real user permission.
By the way the question is that how the bank and its web site authenticate users and check that the entered fields(that two passwords) are right when they do not save these passwords in the data base.
Most banking systems today, do not rely on simple passwords, they have a two-factor authentication inplace. This could be for example an independend device to generate a code using your credit-card, or a least a TAN list.
When they store a password (usually done in combination with other security measures), then you can be sure that they store a hash of the password. A hash is one-way, you cannot get back the original password from it. Good hash algorithms for storing passwords are BCrypt, PBKDF2 or SCrypt, because they offer a cost factor. If you are interested to read more about the topic, you can have a look at my tutorial abour securely storing passwords.