If you want ensure that sensitive data is masked when presented to the end user, you could change every single application and report ... or you could just do it in one place in the database.

1. 1
12c

2. 2
the focus ...
the day to day stuff

3. Feature
data redaction

4. SQL> desc ACCOUNTS
Name Null? Type
----------------------------- -------- ------------
ID NUMBER(8)
NAME VARCHAR2(30)
EMAIL_ADDRESS VARCHAR2(30)
SQL> select * from ACCOUNTS;
ID NAME EMAIL_ADDRESS
-------- -------------------- -------------------
1 Suzanne suzy_q@yahoo.com
2 John Smith john.smith@hotmail.com
...

5. SQL> begin
2 dbms_redact.add_policy (
3 object_schema => user,
4 object_name => 'ACCOUNTS',
5 column_name => 'EMAIL_ADDRESS',
6 policy_name => 'diddle_email',
7 expression =>
8 q'{SYS_CONTEXT('USERENV','ISDBA')='FALSE'}',
9 function_type => dbms_redact.regexp,
10 regexp_pattern =>
11 dbms_redact.re_pattern_email_address,
12 regexp_replace_string =>
13 dbms_redact.re_redact_email_name,
14 regexp_position => dbms_redact.re_beginning,
15 regexp_occurrence => dbms_redact.re_all
16 );
17 end;
18 /
lots of options here

6. SQL> conn scott/tiger
Connected.
SQL> select * from ACCOUNTS;
ID NAME EMAIL_ADDRESS
-------- -------------------- -------------------
1 Suzanne xxxx@yahoo.com
2 John Smith xxxx@hotmail.com
...

7. SQL> conn system/manager
Connected.
SQL> select * from ACCOUNTS;
ID NAME EMAIL_ADDRESS
-------- -------------------- -------------------
1 Suzanne suzy_q@yahoo.com
2 John Smith john.smith@hotmail.com
...

8. 8
examples

9. SQL> SELECT *
2 FROM demo.customers
3 ORDER BY id;
CUSTOMER_ID CARD_NO CARD_STRING EXPIRY_DA SEC_CODE
----------- ----------------- ------------------- --------- ----------
4000 1234123412341234 1234-1234-1234-1234 05-MAY-16 123
4001 2345234523452345 2345-2345-2345-2345 05-MAY-16 234
4002 3456345634563456 3456-3456-3456-3456 05-MAY-16 345
4003 4567456745674567 4567-4567-4567-4567 05-MAY-16 456
4004 5678567856785678 5678-5678-5678-5678 05-MAY-16 567

10. SQL> BEGIN
2 DBMS_REDACT.add_policy(
3 object_schema => 'DEMO',
4 object_name => 'CUSTOMERS',
5 column_name => 'CARD_NO',
6 policy_name => 'REDACT_CARD_INFO',
7 function_type => DBMS_REDACT.full,
8 expression => '1=1'
9 );
10 END;
11 /
PL/SQL procedure successfully completed.
SQL> SELECT *
2 FROM demo.customers
3 ORDER BY id;
CUSTOMER_ID CARD_NO CARD_STRING EXPIRY_DA SEC_CODE
----------- ----------------- ------------------- --------- ----------
4000 0 1234-1234-1234-1234 05-MAY-16 123
4001 0 2345-2345-2345-2345 05-MAY-16 234
4002 0 3456-3456-3456-3456 05-MAY-16 345
4003 0 4567-4567-4567-4567 05-MAY-16 456
4004 0 5678-5678-5678-5678 05-MAY-16 567

11. SQL> BEGIN
2 DBMS_REDACT.alter_policy (
3 object_schema => 'DEMO',
4 object_name => 'CUSTOMERS',
5 column_name => 'CARD_NO',
6 policy_name => 'REDACT_CARD_INFO',
7 action => DBMS_REDACT.modify_column,
8 function_type => DBMS_REDACT.partial,
9 function_parameters => '1,1,12'
10 );
11 END;
12 /
PL/SQL procedure successfully completed.
SQL> SELECT *
2 FROM demo.customers
3 ORDER BY id;
CUSTOMER_ID CARD_NO CARD_STRING EXPIRY_DA SEC_CODE
----------- ----------------- ------------------- --------- ----------
4000 1111111111111234 1234-1234-1234-1234 05-MAY-16 123
4001 1111111111112345 2345-2345-2345-2345 05-MAY-16 234
4002 1111111111113456 3456-3456-3456-3456 05-MAY-16 345
4003 1111111111114567 4567-4567-4567-4567 05-MAY-16 456
4004 1111111111115678 5678-5678-5678-5678 05-MAY-16 567

12. SQL> BEGIN
2 DBMS_REDACT.alter_policy (
3 object_schema => 'DEMO',
4 object_name => 'CUSTOMERS',
5 column_name => 'CARD_STRING',
6 policy_name => 'REDACT_CARD_INFO',
7 action => DBMS_REDACT.add_column,
8 function_type => DBMS_REDACT.partial,
9 function_parameters => 'VVVVFVVVVFVVVVFVVVV,VVVV-VVVV-VVVV-VVVV,#,1,12'
10 );
11 END;
12 /
PL/SQL procedure successfully completed.
SQL>
SQL> SELECT *
2 FROM demo.customers
3 ORDER BY id;
CUSTOMER_ID CARD_NO CARD_STRING EXPIRY_DA SEC_CODE
----------- ----------------- ------------------- --------- ----------
4000 1111111111111234 ####-####-####-1234 05-MAY-16 123
4001 1111111111112345 ####-####-####-2345 05-MAY-16 234
4002 1111111111113456 ####-####-####-3456 05-MAY-16 345
4003 1111111111114567 ####-####-####-4567 05-MAY-16 456
4004 1111111111115678 ####-####-####-5678 05-MAY-16 567

13. SQL> BEGIN
2 DBMS_REDACT.alter_policy (
3 object_schema => 'DEMO',
4 object_name => 'CUSTOMERS',
5 column_name => 'EXPIRY_DATE',
6 policy_name => 'REDACT_CARD_INFO',
7 action => DBMS_REDACT.add_column,
8 function_type => DBMS_REDACT.partial,
9 function_parameters => 'm1d1Y'
10 );
11 END;
12 /
PL/SQL procedure successfully completed.
SQL> SELECT *
2 FROM demo.customers
3 ORDER BY id;
CUSTOMER_ID CARD_NO CARD_STRING EXPIRY_DA SEC_CODE
----------- ----------------- ------------------- --------- ----------
4000 1111111111111234 ####-####-####-1234 01-JAN-16 123
4001 1111111111112345 ####-####-####-2345 01-JAN-16 234
4002 1111111111113456 ####-####-####-3456 01-JAN-16 345
4003 1111111111114567 ####-####-####-4567 01-JAN-16 456
4004 1111111111115678 ####-####-####-5678 01-JAN-16 567

14. 14
take care with clients

15. SQL> desc ACCOUNTS
Name Null? Type
----------------------------- -------- ------------
ID NUMBER(8)
NAME VARCHAR2(30)
EMAIL_ADDRESS VARCHAR2(30)

16. SQL> declare
2 p_query varchar2(32767)
3 := 'select * from accounts';
4
5 l_cur int := dbms_sql.open_cursor;
6 l_descTbl dbms_sql.desc_tab;
7 l_colCnt number;
8 begin
9 dbms_sql.parse(l_cur,p_query,dbms_sql.native);
10 dbms_sql.describe_columns(l_cur,l_colCnt,l_descTbl);
11
12 for i in 1 .. l_colCnt loop
13 dbms_output.put_line(
14 rpad(l_descTbl(i).col_name,20)||
15 lpad(l_descTbl(i).col_max_len,6));
16 end loop;
17 end;
18 /
ID 22
NAME 30
EMAIL_ADDRESS 4000

17. 17
take care with security

18. SQL> create or replace
2 procedure HACKER is
3 buf varchar(40);
4 t char;
5 x number;
6 i number;
7 c number;
8 begin
9 i := 0;
10 c := 1;
11 while c < 17 loop
12 select count(*)
13 into x
14 from demo.customers
15 where substr(card_no,c,1)=to_char(i)
16 and customer_id = 4000;
17 if x > 0 then
18 c := c+1; buf := buf || to_char(i); i := 0;
21 else
22 i := i+1;
23 end if;
24 end loop;
25 dbms_output.put_line('CC: ' || buf);
26 end;
Procedure created.
SQL> exec HACKER
CC: 1234123412341234

19. 19
take care with price