Time flies with great content! Renew in to keep enjoying all our premium content.
Prime
M-Pesa contact masking kicks off in Safaricom privacy drive
Safaricom Group CEO Peter Ndegwa speaks during the half-year results announcement, for the financial year 2025/2026, at Safaricom's headquarters in Westlands, Nairobi, Kenya on November 6, 2025.
Safaricom will from next Tuesday begin masking phone numbers in person-to-person M-Pesa transactions, rolling out a long-delayed privacy feature approved by the Central Bank of Kenya (CBK) to curb exposure of customer data.
Under the new system, recipients will only see partial details including two names and a masked phone number, marking a shift toward limiting the amount of personal information shared during routine mobile money transfers.
The rollout operationalises a regulatory approval granted last month, where CBK cleared Safaricom to implement data minimisation across peer-to-peer transactions in line with Kenya’s data protection laws.
In its application, Safaricom had proposed a system that partially conceals a sender’s mobile number, with the option for recipients to request full details subject to user consent.
Once fully implemented, the feature will also extend to merchant payments, where businesses currently receive full customer phone numbers alongside transaction confirmations.
The shift comes against the backdrop of rising scrutiny over data privacy in Kenya’s fast-growing digital payments ecosystem, where mobile money platforms process billions of shillings daily.
Safaricom chief executive Peter Ndegwa said the rollout is part of a broader effort to embed privacy within the design of its financial services as usage scales.
“Today, we extend data minimization to person to person (P2P) transactions. From March 24, recipients will only see two names and a masked number,” said Ndegwa.
“This journey reflects our ongoing commitment to embedding privacy by design across our financial ecosystem.”
M-Pesa currently supports more than 37 million person-to-person transactions daily, valued at over Sh2 billion, illustrating the volume of sensitive personal data exchanged across the platform.
By masking phone numbers, Safaricom aims to reduce risks associated with misuse of customer information, including fraud, unsolicited contact and social engineering attacks.
The initiative builds on a multi-year data minimisation strategy that has progressively reduced the amount of customer information exposed across different layers of the M-Pesa ecosystem.
Earlier interventions included limiting data visibility for merchants on Pochi la Biashara accounts, restricting internal staff access to customer details, as well as masking phone numbers on transaction statements.
The push aligns with the Data Protection Act, 2019, which requires firms to collect and process only data that is necessary for service delivery.
Regulators have in recent years tightened enforcement of the law amid a surge in consumer complaints, with financial service providers accounting for a significant share of reported data breaches and misuse cases.
Safaricom says the rollout has been enabled by its recent “Fintech 2.0” platform upgrade, which introduced a more secure and scalable system capable of supporting privacy-enhancing features at scale.
The system also incorporates artificial intelligence tools for fraud detection and stronger authentication controls, particularly around SIM swap risks.
Unlock a world of exclusive content today!Unlock a world of exclusive content today!
