Safaricom has roll out a significant upgrade to its M-PESA platform, introducing a Person-to-Person (P2P) data minimization enhancement, aimed at strengthening customer privacy.
The latest phase, featuring masking of mobile numbers in P2P transactions, will take effect on March 24, 2026 after receiving an approval from the Central Bank of Kenya.
Strengthening Privacy in Digital Transactions
As digital payments continue to grow across Kenya, protecting customer information has become increasingly critical. Data minimization ensures that only essential personal information is shared during transactions, reducing the risk of misuse while maintaining a seamless user experience.
Under the new update, M-PESA “Send Money” notifications will display partially masked phone numbers instead of full contact details. For example, a number will appear as 0722***000, limiting exposure of sensitive information.
However, the sender’s first two names will remain visible to ensure easy identification, while transaction details such as amount, date, and transaction number will remain unchanged for transparency.
New Verification Option via Code 334
To maintain trust and accountability, Safaricom has introduced a verification feature using code 334. Recipients can request to confirm a sender’s identity by forwarding the transaction message to 334. The sender will then receive an SMS prompt requesting consent to share their full name and phone number.
If the sender approves, the recipient receives complete details. If declined, the recipient is notified accordingly. Each transaction allows only one verification request, valid for 24 hours.
Reducing Fraud and Unwanted Contact
According to Safaricom, the masking feature is expected to significantly reduce spam calls, unsolicited messages, and post-transaction harassment. Fraudsters often exploit visible phone numbers from transaction messages for scams and social engineering attacks. By limiting access to full contact details, Safaricom aims to curb such risks.
Building Trust Through Data Protection
Speaking during a media briefing, CEO Peter Ndegwa emphasized the company’s responsibility to safeguard customer data as digital ecosystems evolve.
“Our responsibility responsibility is to safeguard customer information. And we play a critical role, not just as a commercial organization, but as a system for the country because we know how digital personal is.” said Ndegwa
He noted that protecting personal information is key to maintaining trust in mobile financial services.
Safaricom’s Head of Customer Privacy, Sharon Holi, highlighted that the initiative is driven by customer feedback and the need to balance privacy with user experience.
“We reduce the ability for fraudsters to get our information and we continue to build trust and demonstrate actively how we keep your information safe. This journey does not just begin today. When we first began thinking about our customer feedback, we must be very careful not to disrupt the whole ecosystem.” Sharon Holi, Head of Customer Privacy at Safaricom
CFO Esther Waititu added that enhanced data protection measures are central to ensuring customers feel safe using M-PESA.
“We want to ensure our customers feel safe as they use our products, with enhanced data protection and system upgrades driven by feedback, not compliance.” said Waititu
Advancing Compliance and Customer Confidence
The upgrade aligns with global data protection principles by minimizing personally identifiable information, including limiting visible names to two and masking phone numbers. Ultimately, the move reinforces Safaricom’s commitment to customer privacy, security, and trust in Kenya’s leading mobile money ecosystem.