I once worked for a security company that dealt with high-end financial institutions like banks and insurance companies. A manager of a bank was boasting at his regional team meeting about how secure his set-up was. So his bosses had a conference on security that he was invited along to. All the participants had to sign an agreement saying they consented to having their bank account penetration tested. The conference started at 9am with coffee etc. By lunch break at 1pm, my team had (using social engineering and a couple of techie tricks) gained control of his bank account, applied for a mortgage, cloned his card and withdrew £500 from a teller. At his own branch. When the attendees returned from lunch my boss gave a presentation on how easy it was to hack an account using this guy as an example. A morning's work and my boss invoiced the bank for £55k after tax. We were all in the pub for 4pm with a hefty bonus in our pockets. Fun times, but it's made me hyper-vigilant when it comes to my banking.