In a significant step toward strengthening digital privacy in Kenya, Safaricom is gradually discontinuing the automatic display of full customer identities in mobile transactions. The updated M-Pesa interface now replaces complete contact details with a more advanced masking system, revealing only two names and a partially concealed phone number. By shifting from full visibility to controlled access, this move introduces a “privacy-by-default” approach, ensuring that sensitive personal information is disclosed only when absolutely necessary to complete a transaction.
This strategic shift ensures that M-Pesa transactions remain fully transparent without compromising individual privacy. While core financial data remains visible to maintain an accurate audit trail, sensitive personal contact details are now shielded by default. Full identity disclosure is no longer an automatic by-product of a payment; instead, it is a controlled process reserved strictly for instances where legitimate further verification is required.
Safaricom is transitioning toward a consent-based verification model, introducing a feature that empowers recipients to confirm a sender’s identity only when necessary. Under this new protocol, if a recipient needs to verify the specific details of a transaction, they can initiate a formal request by forwarding the transaction message to the shortcode 334. This mechanism replaces automatic data disclosure with a structured, request-only process that prioritises user privacy.
This new framework shifts the balance of power directly to the sender, who maintains full control over their personal information. When a verification request is initiated, the sender receives an automated SMS seeking their permission to disclose their full name and mobile number. Even after a request is made, the sender retains the explicit right to either confirm or decline the disclosure. If they choose to decline, the recipient is simply notified of the decision, and the sensitive data remains strictly protected and unreleased.
To ensure the integrity of this new privacy framework, Safaricom has integrated robust security guardrails designed to prevent the verification system from being exploited. Access to personal information is strictly controlled through a “one request per transaction” limit, which effectively curtails any potential for repetitive data harvesting. Furthermore, these requests are time-sensitive and remain valid for only 24 hours, ensuring that data access is purely temporary and restricted to the immediate context of the transaction — providing a secure layer of protection for all users.
To maintain clarity, key details such as the transaction number, amount, and date remain visible, ensuring that both parties can still keep accurate records.
By placing consent at the centre of the M-Pesa experience, Safaricom is reinforcing digital trust between the platform and its users. This approach allows customers to carry out mobile transactions with greater confidence, knowing they have full control over their personal information. Furthermore, these privacy-focused measures help build a stronger and more transparent financial ecosystem, where protecting consumers remains a key priority.
Mark your calendars! The GreenShift Sustainability Forum is back in Nairobi this August. Join innovators, policymakers & sustainability leaders for a breakfast forum as we explore sustainable solutions shaping the continent’s future. Limited slots – Get your early bird tickets now – here. Email info@techtrendsmedia.co.ke for partnership requests.
Go to TECHTRENDSKE.co.ke for more tech and business news from the African continent and across the world.
Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke
