Many web sites use a back end SQL engine for serving up data. Some Credit Card number thefts can be attributed to poor protection of web page interactions with a back end SQL server through injecting SQL statements into web requests.
A well written article called The Unexpected SQL Injection goes into detail on how SQL Injection happens, and how to prevent it.
Spend some time on the site. There are many other documents providing valuable information regarding the protection of internet based activity.