Inferensys

Glossary

Change Data Capture (CDC)

A design pattern that identifies and captures row-level changes made to a source database and delivers them in real-time to downstream systems, enabling low-latency feature updates and stream processing.
Data engineer managing feature store on laptop, feature definitions visible, casual data engineering session.
DATA INTEGRATION PATTERN

What is Change Data Capture (CDC)?

Change Data Capture (CDC) is a design pattern that identifies, tracks, and delivers row-level modifications—inserts, updates, and deletes—from a source database to downstream systems in real-time, eliminating the latency and overhead of batch-based extraction.

Change Data Capture (CDC) is a software design pattern that identifies and captures granular changes made to a source database and delivers them in real-time to downstream systems. Unlike traditional batch SELECT queries that scan entire tables, CDC monitors the database's transaction log to detect INSERT, UPDATE, and DELETE operations as they are committed, enabling low-latency feature updates for real-time fraud scoring pipelines.

In a financial fraud context, CDC is critical for maintaining accurate feature stores without stale data. When a cardholder's address or risk profile is updated in the core banking system, CDC streams this mutation to the online inference layer, ensuring the risk scoring engine evaluates the current transaction against the latest entity state rather than an outdated snapshot, thereby preventing training-serving skew.

DATA CAPTURE MECHANISMS

Key Characteristics of CDC

Change Data Capture is defined by its ability to deliver low-latency, reliable, and minimally invasive data integration. The following characteristics distinguish CDC from traditional batch processing and define its utility in real-time fraud detection pipelines.

01

Log-Based Capture

The most efficient CDC method reads directly from the database transaction log. This approach captures row-level INSERT, UPDATE, and DELETE operations with minimal impact on the source database's performance.

  • Mechanism: Tails the native transaction log (e.g., MySQL binlog, PostgreSQL WAL, SQL Server T-Log).
  • Advantage: No schema changes or triggers required on source tables.
  • Overhead: Negligible CPU impact on the source, as it reads a sequential log file rather than querying tables.
02

Push vs. Pull Delivery

CDC solutions deliver changes using two primary models. Push-based systems actively send change events to a message broker like Apache Kafka, while pull-based systems require downstream consumers to query for changes.

  • Push Model: Ideal for real-time fraud scoring; events are streamed to the feature store immediately upon commit.
  • Pull Model: Used for periodic synchronization where consumers control the ingestion rate.
  • Pattern: In a fraud pipeline, the push model ensures a velocity check has the latest transaction count before authorization.
03

Exactly-Once Semantics

A critical guarantee for financial data integrity. CDC pipelines must ensure that a committed transaction is delivered to downstream systems exactly once, preventing duplicate feature updates or missed events.

  • Challenge: Network failures can cause retries, risking duplicate delivery.
  • Solution: Uses idempotency keys, transaction IDs, and checkpointing to deduplicate events.
  • Impact: Prevents a single transaction from being counted twice in a velocity check, which would falsely inflate risk scores.
04

Schema Evolution Handling

Source database schemas change over time. A robust CDC system integrates with a Schema Registry to manage backward and forward compatibility of serialized messages.

  • Format: Uses formats like Avro or Protobuf that support schema evolution rules.
  • Process: When a column is added to a source table, the CDC pipeline can propagate the new field without breaking downstream consumers.
  • Benefit: Allows the fraud model's feature store to ingest new data fields without a system-wide shutdown.
05

Change Event Structure

A CDC event is a structured message containing the full context of a data mutation. It includes both the state before and after the change.

  • Payload: Typically contains before and after image of the row, the operation type, and a source timestamp.
  • Metadata: Includes transaction log position (LSN), database name, and table name.
  • Use Case: The before image allows a fraud pipeline to calculate the delta of an account balance, while the after image updates the current state in the feature store.
06

Initial Snapshot & Streaming

CDC pipelines operate in two phases. First, an initial snapshot captures the full current state of a table. Then, it seamlessly transitions to streaming mode to capture ongoing changes.

  • Snapshot: Provides a baseline for stateful stream-table joins.
  • Transition: Uses a watermark or log position to switch from bulk load to real-time tailing without data gaps.
  • Relevance: Ensures a new fraud model feature, like a merchant risk profile, is fully hydrated with historical data before receiving live updates.
CDC ESSENTIALS

Frequently Asked Questions

Clear, technical answers to the most common questions about implementing Change Data Capture for real-time fraud detection pipelines.

Change Data Capture (CDC) is a design pattern that identifies and captures row-level changes—inserts, updates, and deletes—made to source database tables and delivers them in real-time to downstream systems. Instead of relying on expensive, periodic batch SELECT queries that scan entire tables, CDC operates by reading the database's native transaction log. In systems like PostgreSQL, this means decoding the Write-Ahead Log (WAL); in MySQL, it reads the binlog. The captured change events, which include both the before and after state of each modified row, are then published as a stream to a distributed log like Apache Kafka. This enables low-latency feature updates for online inference pipelines, ensuring that a fraud model's feature store reflects the most recent transaction history without imposing analytical query load on the operational database.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.