Comment Re:"encrypted" my ass (Score 1) 51
Either way, it's highly unlikely the "encryption" scheme is much more sophisticated than a single XOR operation. Decrypting that field for a substantial portion of the database SELECT statements would be a huge overhead.
Or you encrypt the value you want to look for before using it in your WHERE clause. Unless the key is individually salted for each person, you can do a much quicker binary comparison with encrypted value against encrypted value. If it IS individually salted, you could store a hash to compare with rather than the full value, decreasing the amount of work that needs to be done. As far as I'm aware, performing a hash operation + compare would be quicker than full decryption + compare. If you don't salt the hash, it's even faster, though an attacker would be able to use a rainbow table then.
Besides, CSRs and billing would only need the encrypted data occasionally anyway. It wouldn't be a huge overhead to decrypt if you only run billing once a month - let it go overnight. You could even split it across the month, running portions at a time depending on the billing date for each customer.
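Added example, not part of the comment above: a lookup column holding a hash of the protected field, so the WHERE clause compares hash against hash and never decrypts a row. It contrasts an unsalted SHA-256 index, which a precomputed table reverses, with a keyed HMAC index, a swapped-in variant rather than the per-person salt the comment mentions. Table, column and function names, the sample rows and the 4-digit value domain are all constructed assumptions.

```python
import hashlib, hmac, os, sqlite3

INDEX_KEY = os.urandom(32)  # assumption: lives outside the database (app config / KMS)

# Constructed sample rows: (name, 4-digit secret). The small domain keeps the demo fast.
ROWS = [("alice", "4821"), ("bob", "0007"), ("carol", "9350")]

def unsalted_index(value):
    return hashlib.sha256(value.encode()).digest()

def keyed_index(value):
    return hmac.new(INDEX_KEY, value.encode(), hashlib.sha256).digest()

def build_db(index_fn):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, secret_ct BLOB, secret_idx BLOB)")
    db.execute("CREATE INDEX idx_secret ON customers (secret_idx)")
    for name, secret in ROWS:
        ct = os.urandom(32)  # placeholder for the real cipher's output; never read here
        db.execute("INSERT INTO customers VALUES (?, ?, ?)", (name, ct, index_fn(secret)))
    return db

def find_by_secret(db, index_fn, value):
    # Hash the search term once, then let the database do an indexed byte comparison.
    cur = db.execute("SELECT name FROM customers WHERE secret_idx = ?", (index_fn(value),))
    return [row[0] for row in cur]

def recoverable_from_dump(db):
    # What a leaked copy of the table gives away without INDEX_KEY: stored index
    # values are matched against plain SHA-256 precomputed over the whole domain.
    table = {unsalted_index(f"{n:04d}"): f"{n:04d}" for n in range(10000)}
    stored = [idx for (idx,) in db.execute("SELECT secret_idx FROM customers")]
    return sorted(table[idx] for idx in stored if idx in table)

if __name__ == "__main__":
    for fn in (unsalted_index, keyed_index):
        db = build_db(fn)
        print(fn.__name__, find_by_secret(db, fn, "0007"), recoverable_from_dump(db))
```

Both index types answer the equality query the same way; only the keyed one leaves nothing for the precomputed table to match.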