Recent exploits of large corporate servers have once again raised questions about how safe customer data actually is when stored on web servers. The incident that led to 450,000 Yahoo Voices (formerly Associated Content) user accounts being exposed is definitely cause for concern. For those users, it might have been enough to simply change their passwords after the incident. But if the same thing had happened to a company that stored credit card numbers or other more costly data, it would be very bad indeed.
Many sites store customer and user data in MySQL databases. A clever SQL injection script could conceivably grant an unauthorized user access to that database. There is, however, a way to prevent hackers from at least being able to immediately use any data they gather from an attack: encryption. Had those Yahoo! email addresses and passwords been encrypted, the data might have been useless to anyone who gained access to it.
On your e-commerce website, you should definitely consider using some form of database encryption to help prevent this sort of attack from being costly to your customers. Encryption will not stop an attack, and for prevention you should look at other solutions. But by encrypting the most sensitive data, you add another layer of security to your database.
To get started with encryption, you do not even have to look outside of MySQL. It comes with a built-in encryption function called AES_ENCRYPT. There are also third-party encryption tools that may or may not be more advanced than MySQL’s default tool.
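As an added example (not part of the original article), this is how AES_ENCRYPT and its counterpart AES_DECRYPT can protect a card-number column. The table, column and variable names, the passphrase and the card number are constructed placeholders, and the script assumes MySQL 5.7 or later for block_encryption_mode and RANDOM_BYTES.

```sql
-- Added example: all names and values below are hypothetical placeholders.

-- AES_ENCRYPT defaults to aes-128-ecb, which encrypts identical blocks to
-- identical ciphertext. Select CBC with a 256-bit key for this session.
SET SESSION block_encryption_mode = 'aes-256-cbc';

CREATE TABLE customer_cards (
    customer_id INT UNSIGNED  NOT NULL PRIMARY KEY,
    card_iv     BINARY(16)    NOT NULL,  -- per-row random initialization vector
    card_enc    VARBINARY(64) NOT NULL   -- ciphertext is binary, so no CHAR/TEXT
);

-- The key comes from the application (for example, its secret store) at
-- connection time. It is never written to a table, so a dump of the
-- database alone does not contain it. Placeholder passphrase shown here.
SET @card_key = UNHEX(SHA2('REPLACE-WITH-SECRET-FROM-APPLICATION', 256));

-- Encrypt on insert, using a fresh IV for every row.
SET @iv = RANDOM_BYTES(16);
INSERT INTO customer_cards (customer_id, card_iv, card_enc)
VALUES (1001, @iv, AES_ENCRYPT('4111111111111111', @card_key, @iv));

-- What anyone reading the table without the key sees: opaque bytes.
SELECT customer_id, HEX(card_enc) AS stored_value
FROM customer_cards;

-- Decrypt for the legitimate application path. AES_DECRYPT returns binary,
-- so cast it back to a string. A wrong key or IV yields NULL or garbage.
SELECT customer_id,
       CAST(AES_DECRYPT(card_enc, @card_key, card_iv) AS CHAR) AS card_number
FROM customer_cards
WHERE customer_id = 1001;
```

Values passed to these functions travel to the server in cleartext unless the connection uses TLS, and they appear in any MySQL log the statement is written to, so review logging settings before relying on this.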
Encryption of passwords, usernames, or even credit card information can save your customers a potentially huge headache. Furthermore, it could also save your business and keep your customers coming back for more of your service or products.