Fraud can be described as a dishonest action to make a false statement in order to gain money or benefit from an individual or from an organization. It is also known as a scam or, more elegantly, as an economic offense. By any definition, it is a crime, which in the e-commerce network environment may cost businesses billions of dollars a year.

Fraud detection is a process that can use data mining techniques to detect fraudulent transaction, which is an increasing concern for many businesses. In this paper, we propose a comprehensive framework that mines fraudulent transactions of Card-Not-Present (CNP) in the e-payment systems. Although there are several fraud and intrusion detection systems in the market, however, they lack the required accuracy. Accuracy means that the model will have high detection rate (percentage of fraudulent transactions that are detected) and low false positive rate (percentage of normal transactions that the system falsely determines to be fraudulent). Therefore, there is a need for accurate and effective systems that can detect fraudulent activities and adapt to the changing behavior of both legitimate customers and fraudsters.

Two general categories of detection techniques have been developed: misuse and anomaly detections. In misuse detection, well-known fraudulent transactions are encoded into patterns, which are then used to match new transactions to identify the fraudulent ones. In anomaly detection, normal behavior of user and system activities are first summarized into normal profiles, which are then used as yardsticks, so that run-time activities that result in significant deviation from the user profiles are considered as probable fraudulent transactions. Anomaly detection can be divided into two subclasses; supervised anomaly detection which trains on normal data and then classify new data as normal or anomalous rely on the assumption that fraudster behavior is different from customer normal behavior; and unsupervised anomaly detection which trains on unlabeled data and then detect fraudulent activities rely on the assumptions that fraudulent transactions are very rare and different from normal transactions, so fraudulent transactions are outliers in the data and can be detected.