I'm using SQL Server built in encryption security for some of my Data. Specifically I'm going to use Certificates because they seem easier to migrate from one server to another. Fine, no problem, I pretty much understand it all and anything I don't understand I can figure out.
Here is something I'm not understanding. Let's say someone breaks into my DB Server and Then breaks into one of my DB's. They go into a table, see encrypted Credit Card data and then start fishing through my Stored Procedures. They find the SP's i use to encrypt and decrypt the CC numbers. Now they know exactly what Cert I use to do this with. Since they are already in My DB, all they need to do is run my decrypt SP, and they have all those CC numbers. WHAT AM I MISSING. I know something in my logic is wrong or else encryption wouldn't be secure really at all. Explain to me how I need to set this up to stop what I'm talking about from happening or explain to me why what i'm talking about won't happen.