• In Oracle there are built-in obfuscation routines, so no need to code your own 🙂

    Anyhow, I agree that encrypting data in the DB is not the best practice in the world. More time should be spent on

    a) underlying roles and access to the DB

    b) DB and backup file encryption

    c) securing the server and associated sql*server service users

    d) encrypting T-SQL code

    e) auditing

    The trick is always credit-card IDs etc. You need to carefully analyse your routines that check and report on such data. Perhaps consider views with INSTEAD OF triggers etc.

    The cost of writing encryption logic into an app to crypt data that can be cracked with simple routines is tough to justify.


    Chris Kempster
    www.chriskempster.com
    Author of "SQL Server Backup, Recovery & Troubleshooting"
    Author of "SQL Server 2k for the Oracle DBA"