Financial institutions and their customers face a tough battle in the fight against fraud.
“The consumer and the bank have to be right 100% of the time,” says Erik Beguin, CEO and founder of $504 million Austin Capital Bank. “The fraudster has to be right just once, and the money’s gone.”
It’s a problem Beguin and his team worked five years to address. In July, the subsidiary of Austin, Texas-based Greenback Fincorp launched its solution: Fort Knox, a savings account designed to keep customers safe from schemes like phishing attempts, where a criminal gains access to a customer’s online banking credentials, or romance scams designed to trick someone into sending their life savings to a fraudster. Consumers lost $12.5 billion to fraud in 2024, a 25% increase from the prior year, according to the Federal Trade Commission. Of that, consumers reported sending $2.95 billion to imposters, with bank transfers and cryptocurrency payments resulting in the highest losses.
Fort Knox is a product few institutions would be likely to pursue, because it’s all about creating friction. For most banks, “the theme has been to try to make the end user experience easier,” says Ben LeClaire, a principal on the cybersecurity team at Plante Moran.
Here’s how Fort Knox works. Account holders must have a checking account with another financial institution, and customers can only transfer money to that external account. The bank calls this “intelligent closed-loop protection,” says Beguin. It slows down the movement of money — withdrawals are held for two business days — and prevents unauthorized transfers because any transaction must go through the security measures of two separate institutions. If the closed loop is somehow broken, the account goes into lockdown.
Fort Knox also leverages layers of security controls, including device-level and off-device biometrics and behavior analysis. Account numbers are hidden; a unique account number is provided for inbound deposits only. The true account number is incompatible with payments apps or other funds transfer systems, according to the bank. Fort Knox also keeps a proprietary blacklist of payment apps, banks, credit unions and neobanks with excessive risk profiles that cannot be linked to a Fort Knox account.
There’s no username and password combination, which Beguin says is less secure, especially as AI-based fraud grows more pervasive. The Finnish security platform Hoxhunt found in March 2025 that AI was 24% more effective than humans at waging phishing campaigns — calling this a “Skynet Moment” for social engineering, in reference to “The Terminator” movie series.
LeClaire has recently had conversations with community banks about moving away from passwords and toward behavioral analytics and AI to detect anomalies. He’s also seeing more interest in deploying QR code-based passkeys that use authenticator apps from providers like Microsoft and Google.
Austin Capital isn’t a traditional bank in pursuit of customer primacy, says Beguin. “I don’t have any lenders,” he says. “We have two lobby staff; we probably have two or three or four customers come in the lobby every day, and we probably open up [700 to] 900 accounts a day online.” In addition to Fort Knox and a standard suite of deposit accounts, the bank has credit builder products, a savings account for teens and a banking as a service line.
The bank’s credit building loans have served as a training ground for identifying fraud. “Credit building is an area that attracts a lot of fraudsters,” says Beguin. He and his team understand where pockets of fraud are occurring — which fraud rings are hitting which areas with what types of scams. “We have real-time, everyday fraud monitoring where something will indicate a flag, and then we have a team of fraud experts that will look at [it],” he explains. “Then we dive in, we run some additional analytics.”
Austin Capital has invested significant resources into the Fort Knox product. Of its 70 employees, more than 50 are technologists; that team built a side core and high security banking platform specifically for Fort Knox.
Beguin says Fort Knox is also implementing Kyber-1024 encryption, a post-quantum cryptographic algorithm, to protect against future threats. Experts expect quantum computing to one day make it easier for criminals to break traditional protections; so-called “harvest now, decrypt later” tactics mean bad actors are collecting encrypted data today to break into it later. Kyber is one of several quantum-resistant algorithms selected by the National Institute of Standards and Technology that can “withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in digital systems … such as online banking and email software,” according to a release.
The typical community bank hasn’t invested in those resources.
The Fort Knox product should appeal to customers who welcome additional friction if it means protecting their savings. Others might be unwilling to make that trade, but LeClaire thinks financial institutions could do a better job of communicating how they’re keeping customers safe. As the industry shifts from traditional protections like usernames and passwords and deploys real-time detection and alerts, “make sure [customers] know why these things are changing,” he says. “We do see improvements in terms of customer interaction, response rates and even complaints being better overall” due to those explanations.
Previous