In modern conditions, the urgent problem of both banks and their customers is the threat of using information technology for criminal purposes, known as cybercrime. This is one of the most common types of economic crime in modern Ukraine. Cybercrime is considered to be a socially dangerous activity or inaction carried out by using modern technologies and computer equipment in order to harm the property or public interests of the state, enterprises, departments, organizations, cooperatives, public organizations and citizens, as well as individual rights. Cybercrime in the scientific literature outlines different types (groups) of crimes in the field of high computer technology, which are classified according to different criteria. However, cybercrime and cybercrime are not identified by many researchers. According to them, the obligatory sign of computer crimes is considered to be a tool for committing a crime - computer technology, while a sign of cybercrime is a special environment for committing crimes, ie cyberspace (the environment of computer systems and networks). Instead, the Law of Ukraine “On Basic Principles of Ensuring Cyber Security of Ukraine” adopted in 2017 went against this doctrine and equated the mentioned concepts, establishing the following definition: “cybercrime (computer crime) is a socially dangerous criminal act in cyberspace and / or with its use, the responsibility for which is provided by the law of Ukraine on criminal liability and / or which is recognized as a crime by international treaties of Ukraine "(paragraph 8 of Article 1). Also cited law in paragraph 9 of Art. 1 gave a normative definition of cybercrime, defining it as "a set of cybercrimes"

The current stage of development of the banking sector is characterized by an increase in the number and intensity of such criminal phenomena as fraud with payment cards via the Internet, as well as phishing. Scammers resort to various tricks that force users to disclose confidential information on their own, such as sending emails asking them to verify the registration of an account that contains a link to a website on the Internet that looks exactly like the design of known resources. Cyber attacks on electronic banking systems and official Internet sites and programs have become more frequent. For such crimes, social engineering is also used, which is now actively used on the Internet to obtain confidential information or one that is of great value. The perpetrator obtains it, for example, by gathering information about the employees of the object of the attack by means of a regular telephone call or by accessing their Internet sites. The dynamic development of the information society has given impetus to the spread of cybercrime, which is increasingly committed in Ukraine and is becoming more widespread every year. Criminals' interest in cyberspace is growing due to a number of factors, including lack of physical contact with the victim or a financial institution, promptness, anonymity, availability of computer equipment, remoteness of the object of criminal encroachment, and so on. 2

According to a study conducted by PwC in 2018, 31% of organizations in Ukraine suffered from cybercrime. 16% of Ukrainian respondents not only expect cyberattacks on their organizations in the next two years, but are also convinced that cyberattacks will be most significant for their organizations in terms of financial losses or other consequences. More than a third of Ukrainian organizations affected by cyberattacks have been affected by malware. As a result of cyberattacks, not only business processes of organizations were disrupted (according to 51% of Ukrainian respondents), but also significant losses were inflicted on organizations. Due to the growing level of development of tools, cybercrime requires less and less technical knowledge. Experts note that it is hackers who will displace terrorism in the near future and become the number one threat to countries, because, despite the fact that crimes take place in the virtual world, they cause real damage. It is the financial sector of the economy, including banks and their services, that is considered the most attractive to cybercriminals, and financial data is one of the most popular targets of cyberattacks, as its use allows criminals to make significant money. According to Interpol, the profits from cybercrime in the banking sector rank third in the world after the proceeds from drug trafficking and illicit arms trafficking. Kohut believes that stealing money simply from bank accounts or using stolen personal data is not the only motive behind the hacking of security systems. Such cyberattacks can often be aimed at undermining the reputation of a financial institution. DDoS attacks are also used to distract bank security services from fraudulent schemes and account hacking. Attacks are often carried out on the websites of large banks, which do not have adequate protection. According to experts, four out of five banking resources are currently vulnerable, and three out of four attacks are carried out through unsecured applications, and one small vulnerability can pose a threat to the entire financial institution. Recently, cybercriminals have been actively using mobile technology. Most mobile malicious applications are focused primarily on the theft of money - now there is a clear "banking" orientation of the development of mobile crimes. The creators of the virus monitor the development of mobile banking services and, if a smartphone is successfully infected, immediately check whether it is tied to a bank card.

The traditional subject of cybercrime is a bank card. According to the results of collection, processing and analysis by the Ukrainian Interbank Payment Systems Association of information provided by banks-users of the Exchange-Online system, the main domestic trends in the field of cybercrime in Ukraine are: ─ Skimming - a type of cybercrime committed by a skimming device to read information from plastic cards. As of 2013, 293 skimming devices were detected in ATMs of Ukraine. According to the representative of the Cyberpolice Department of the National Police Vitaliy Novik, in 2019, 100 skimming devices were found at Ukrainian ATMs, and 14 criminal cases were opened on 50 facts. ─ Fraud in remote banking systems (RBI) is a type of cybercrime, as a result of which criminals are able to track any banking transaction. Since 2013, the banking institutions have introduced a response scheme in the DBO system, which is able to detect and stop 90% of unauthorized money transfers.

In addition, there are the following types of cybercrime in the banking sector: 1. Phishing as a type of Internet fraud, through which criminals manage to obtain bank customers' data: theft of passwords, numbers, credit card details, bank accounts and other confidential information. Through phishing, the personal data of customers of online auctions, currency transfer or exchange services, online stores, etc. are extorted from trusting or inattentive users of the Internet. 2. Wishing - a type of fraud using a mobile phone. The fake message contains a request to call a certain number, while the subscriber reports confidential data on bank accounts. 3. Duplicate site as a mirror of a real site. During an online purchase with a bank card, the customer enters his data, and at this time, attackers withdraw funds from it. It is possible to prevent entering such a site if you follow the following measures: enter the site address manually; do not go to advertising sites; check if this site has a secure connection. It is interesting to classify cybercrimes according to the methods of interfering in the data transmission process:  interruption (blocking of the transmission process);  interception (illegal access to transmitted data);  modification (illegal change of data);  production (organization of a falsified communication session). 4. Also, the methods of committing cybercrime include: interception of passwords of other users, use of software errors and software bookmarks, use of errors of user identification mechanisms, use of imperfections of data transmission protocols, obtaining information about users by standard operating systems, blocking service functions of the attacked system.

V. Kozlov singled out four types of cybercrimes: unauthorized access, malicious viral modification, interception of information, and combined non-use. It is important to note that bank employees (so-called internal users) commit about 60% of crimes, while external entities - only 40%. In the course of "internal" inspections of violations of the order of banking operations, employees of bank security services are detected about 10-15% of fraud committed by authorized employees of banks. The consequences of cybercrime can be divided into three main groups: 1. distortion (unauthorized modification) of data, 2. infiltration of information, 3. denial of service (violation of access to network services).

Accordingly, the damage to the integrity, confidentiality and accessibility of information is inflicted. The consequence of a significant number of cybercrimes in the banking sector is a decrease in public confidence in the reliability of the financial system, the institution of banking secrecy, the reliability of personal data protection, as well as financial transactions using the latest technologies. At the same time, public distrust in financial services markets does not allow for the active use of free funds of citizens as investment resources aimed at economic development. A. Bukhtiarova and A. Gushcha propose to divide the consequences of cybercrime on the banking system into the following groups: financial, image (reputational), legal, technological.

Negative factors that reduce the effectiveness of the fight against cybercrime in Ukraine include: lack of sufficient state financial support for basic and applied domestic research in the field of preventing and combating cybercrime; Ukrainian production of competitive means of informatization and communication and their protection is slowly developing; informatization of state and commercial organizations is carried out mainly on the basis of foreign technology and computer technology (strategic technical and technological dependence on other states).

Cybercrime is by nature a cross-border phenomenon, which allows most scientists to point out that cybercrime is characterized by a maximum level of latency. The factors of cybercrime latency are as follows: 1. the complexity of the mechanism of cybercrime, combined with a very diverse field and criminal consequences, as well as "computer illiteracy" of most potential victims of cybercrime, their neglect of their security; 2. negative behavior of victims (eyewitnesses) of the crime, ie failure of the victim and persons who are aware of the crime to law enforcement agencies and failure to report the fact of committing a cybercrime; 3. shortcomings in the work of law enforcement agencies in responding to appeals and reports of cybercrime.

It is standard practice for organizations affected by cybercrime to report cyber-attack incidents to government or law enforcement agencies. However, 28% of organizations in Ukraine answered that they are unlikely or unlikely to report such facts to government or law enforcement agencies (compared to 12% of respondents worldwide). More than half (54%) of these respondents say they are not sure that law enforcement has the necessary qualifications in this area, and the other 41% do not trust law enforcement.

Ukraine is adopting relevant laws and other regulations governing relations in the field of combating cybercrime. As of the beginning of 2020, the regulatory framework of cyber security of Ukraine includes the following documents: the Constitution of Ukraine, the Criminal Code of Ukraine, the laws of Ukraine "On Basic Principles of Cyber Security of Ukraine", "On Information", "On Information Protection in Information telecommunication systems ”,“ On the Fundamentals of National Security ”and other laws, the Doctrine of Information Security of Ukraine, the Council of Europe Convention on Cybercrime and other international agreements, the binding nature of which was approved by the Verkhovna Rada of Ukraine.

At the same time, experts note the problem of imperfect legal regulation and implementation of criminal liability for cybercrime, inefficient activities of public authorities, whose powers include combating cybercrime and so on. The priority areas of cyber security of the banking system of Ukraine include, in particular, the protection of information resources of the bank, taking into account the practice of developed countries; creation of a system of training in the field of cybersecurity in banks; cyberspace monitoring for timely prevention of cyber threats; development of international cooperation in the field of cybersecurity; etc.

Based on the above, we can conclude that cybercrime is becoming more global, the latest technology contributes to the anonymity of criminals, and the prospect of rapid enrichment encourages more and more people to join this criminal activity. The banking system of Ukraine is one of the areas where the most widely and actively used modern capabilities of information technology and the Internet. And given that these technologies are used for remittances, this area is attracting more and more attention from criminals. Despite all the measures taken by individuals, firms, and the state, cybercrime continues to operate, increasing the profits of violators and reducing the content of the pockets of ordinary citizens to exist and evolve. That is why today it is especially important to review all existing measures and actively develop new ones that will bring greater benefits and more reliable protection against cybercriminals. Effective counteraction to cybercrime should combine a set of legal (legislative), technical, organizational and informational measures. 3

AES is a symmetric iterative block algorithm based on the principles of a new network of permutations. It has a new SQUARE architecture which is characterized by:  representation of the encrypted block in the form of a two-dimensional byte array;  encryption for one round of the entire data block (byte-oriented structure);  performing cryptographic transformations, both on individual bytes of the mass-vu, and on its rows and columns.

This provides diffusion of data simultaneously in two directions - in rows and columns. The SQUARE architecture is inherent, in addition to the AES cipher (RIJNDAEL), SQUARE ciphers (its name gave the name to the whole architecture), CRYPTON (one of the candidates for AES). General characteristics of AES: AES encrypts and decrypts 128-bit data blocks.

AES allows you to use three different keys with a length of 128, 192 or 256 bits (depending on the length of the key version of the cipher is denoted by AES-128, AES-192 or AES-256).

The number of rounds of encryption depends on the size of the key:  • length 128 bits - 10 rounds;  • length of 192 bits - 12 rounds;  • length 256 bits - 14 rounds.

All rounds, except the last, are identical. Let's see how the keys are created in the AES-128 version. The processes for the other two versions, except for minor changes, are the same. Figure 1 shows how to get 44 words from the source key.

Figure 1 shows the key extension scheme AES-128 version.

The first four words (w0, w1, w2, w3) are derived from the cipher key. The cipher key is represented as an array of 16 bytes (k0 to k15). The first four bytes (k0 to k3) become W0; the next four bytes (k4 to k7) become w1; and so on. In other words, the sequential connection (concatenation) of words in this group copies the key cipher. The rest of the words (wi) from i = 4 - 43 are obtained in the following ways: а)

(i mod 4)  0, wi  wi1  wi4

Then, according to Figure 1, this means that each word is derived from one left and one upper.

b) (i mod 4)  0, wi  t  wi4 ( 1 ) ( 2 )

Here t - is a temporary word, the result of the application of two processes, subword and rot-word, with the word wi-1 and the application of the operation excludes or the constant of the round Rсon. In other words, we have: t  SubWord(Rotword(wi1))  RCon i 4 ( 3 )

RotWord (rotate word) is a procedure similar to the ShiftRows conversion, but applies to only one line. The procedure takes a word as an array of four or four bytes and shifts each byte to the left with the conversion.

SubWord (substitute word) is a procedure similar to the SubBytes transformation, but applies to only one line. The procedure takes each byte in the word and replaces it with another. Each constant of the Rcon round is a 4-byte value, in which the right three bytes are always zero. Table 1 shows the values for the AES-128 version (with 10 rounds). RC9  x91  x8 mod prime  x4  x3  x  1  00011011 1B16 RC10  x101  x9 mod prime  x5  x 4  x 2  x  00110110 3616

The far left byte, denoted by RCi is xi-1, where i is the round number. The AES you-uses is not a given polynomial (x8 + x4 + x3 + x +1). 4

It is impossible to completely protect against cyberattacks. However, compliance with at least the minimum rules of network safety will significantly increase the chances that criminals will not break the system. When conducting transactions between banks or in the client-bank system in Internet banking, it is important to use cryptological ( 4 ) tools such as AES keys with different bit rates, and the higher the bit rate, the greater the protection. However, increasing the bit rate of the key is directly proportional to the performance of the system, so it is advisable to use from 128-bit key to 512-bits. Implementation of these security measures will only minimize the possibility of accidental unauthorized intrusion into the system. However, it is impossible to provide a full guarantee of avoidance of breakage. 5