How Safaricom Is Helping Customers Better Protect Their Personal Data


Every day, millions of Kenyans use their phones to send money through M-PESA, pay bills, access banking services, shop online and communicate with family, friends and businesses.

Those digital conveniences have made everyday life easier, but they have also made personal information more valuable than ever. Learning how to protect your personal data online is no longer just good practice. It is an essential part of staying safe in an economy where so many daily activities begin with a smartphone.

Cybercriminals are becoming more sophisticated. Phishing messages, fake customer care accounts, AI-generated scams and SIM swap fraud are designed to look convincing, often exploiting trust rather than technical weaknesses. At the same time, organisations are handling larger volumes of customer information and are under growing pressure to protect it responsibly.

That is why data privacy has become more than a compliance issue. It is about giving customers confidence that they can use digital services without unnecessarily exposing their personal information. Across Kenya, companies such as Safaricom have responded by introducing new privacy features while continuing to educate customers on how to recognise fraud and keep their accounts secure. The responsibility, however, does not rest with businesses alone. Customers also play a critical role in protecting their own information.

Why Data Privacy Matters in Everyday Life

Every interaction leaves behind a digital footprint.

JOIN OUR TECHTRENDS NEWSLETTER

Opening a mobile money account, ordering food online, requesting a ride, shopping through an e-commerce platform or signing up for a newsletter all involve sharing personal information. Much of that information is necessary for organisations to verify identities, process payments, provide customer support and meet legal obligations.

Problems arise when that information falls into the wrong hands.

A phone number may seem harmless until it is used to impersonate customer support. An email address can become the starting point for phishing attacks. A one-time password shared in haste can provide criminals with access to financial accounts.

As digital services become woven into everyday life, protecting personal data also means protecting access to money, communications and identity.

What Counts as Personal Data?

Many people associate personal data with national identification numbers or bank details, but the definition is much broader.

Personal data includes any information that can identify an individual, either directly or when combined with other details.

This can include your full name, mobile phone number, national ID or passport number, email address, home or business address, and date of birth. It also encompasses financial information, M-PESA transaction records, biometric information such as fingerprints or facial recognition, device location, and online usernames and passwords. Ultimately, even information that appears ordinary can become valuable when combined with data from other sources.

Why Companies Collect Customer Information

Organisations collect personal information for legitimate business purposes.

Banks need to verify identities before opening accounts. Mobile network operators require customer details to activate SIM cards and comply with regulations. Online retailers use delivery addresses to fulfil orders, while digital service providers rely on customer information to improve products and resolve support requests.

Responsible organisations should also explain why they are collecting information, how it will be used, who will have access to it and how long it will be retained.

Transparency helps customers make informed decisions before sharing their information.

How Organisations Protect Customer Data

Protecting customer information extends well beyond locking databases behind passwords.

Many organisations now combine encryption, access controls, identity verification, fraud monitoring and secure authentication to reduce the risk of unauthorised access. Increasingly, they are also adopting data minimisation, collecting and exposing only the information needed to complete a specific task.

Safaricom has described this approach as privacy by design, meaning privacy considerations are built into products and services from the outset rather than added later.

One example is the company’s Peer-to-Peer (P2P) data minimisation feature introduced for M-PESA transfers. Instead of displaying a sender’s full phone number after a transaction, recipients now see only the sender’s first and last name together with a partially masked mobile number. If additional details are genuinely required, the recipient must request access through a secure verification process, and the sender decides whether to grant consent.

The change addresses a common complaint from customers who had experienced unwanted calls or messages after sending money to people they did not know, such as boda boda riders, shop attendants or casual service providers.

It also reflects a broader principle that privacy is not simply about preventing cyberattacks. It is about limiting unnecessary exposure of personal information in everyday digital interactions.

Understanding Your Rights as a Customer

Protecting personal data is not solely the responsibility of organisations.

Kenya’s Data Protection Act gives individuals important rights over how their personal information is collected, processed and stored.

Customers have the right to understand why their information is being collected, how it will be used, and who it may be shared with. Additionally, they have the right to know how long that information will be retained, how to request corrections if the data is inaccurate, and when their consent is required before their information can be shared beyond its original purpose.

Understanding these rights helps customers ask better questions before handing over sensitive information and encourages organisations to remain accountable for how they manage customer data.

Common Online Threats Every Kenyan Should Know

Phishing Scams

Phishing remains one of the most common ways criminals steal personal information. Fraudsters send SMS messages, emails, social media posts or WhatsApp messages that appear to come from trusted organisations, asking customers to click a link, verify an account or provide login credentials.

Many of these scams create a sense of urgency by claiming an account has been suspended, a payment has failed or a security check is required. Acting without verifying the request can expose passwords, PINs and one-time verification codes.

If you receive an unexpected message claiming to be from your bank, a mobile money provider or another service you use, take a moment to confirm it through the organisation’s official website, app or customer care channels before responding.

AI Scams and Deepfakes

Artificial intelligence has made online fraud more convincing than ever.

Criminals can now generate realistic voices, images and videos that imitate public figures, colleagues, family members or customer support representatives. Some scams even use AI-generated conversations to persuade victims to send money or reveal sensitive information.

The best defence is to slow down and verify unexpected requests independently, especially if they involve payments, account verification or confidential information.

SIM Swap Fraud

SIM swap fraud occurs when criminals trick a mobile service provider into transferring your mobile number to another SIM card under their control.

Once they gain access to your number, they may intercept one-time passwords used to verify banking transactions, reset passwords or access mobile money accounts.

If your phone suddenly loses network service without explanation or you receive notifications about changes you did not request, contact your mobile service provider immediately.

Fake Customer Care Accounts

Social media has made it easier for criminals to impersonate legitimate customer support teams.

Fraudsters often respond to customer complaints before the real company has a chance to reply, asking victims to continue conversations through direct messages or provide account details.

Safaricom has repeatedly advised customers to interact only with its verified customer care channels. Genuine support teams will never ask for your M-PESA PIN, passwords or one-time verification codes.

If someone claiming to represent a company requests confidential information, treat it as a warning sign.

Public Wi-Fi Risks

Free public Wi-Fi is convenient, but unsecured networks can expose sensitive information if used carelessly.

Avoid accessing online banking platforms, mobile money services or accounts containing personal information while connected to public Wi-Fi unless you are using a trusted, secure connection.

If possible, use your mobile data when carrying out financial transactions.

Simple Habits That Help Keep Your Information Safe

Protecting personal information does not always require advanced technical knowledge. Small, consistent habits can make a significant difference.

Start by creating strong, unique passwords for important accounts. Avoid using the same password across multiple services, as one compromised account can place others at risk. Password managers can help generate and store complex passwords securely.

Enable two-factor authentication wherever it is available. Requiring a second verification step makes it more difficult for criminals to access accounts even if a password has been compromised.

Keep your phone, apps and operating system updated. Software updates often include important security fixes that protect against newly discovered vulnerabilities.

Be cautious before scanning QR codes or clicking unfamiliar links, particularly those shared through unsolicited messages or social media.

Review your privacy settings periodically so you understand what information apps and online services can access.

Most importantly, never share your PIN, passwords or one-time verification codes with anyone, regardless of who they claim to represent.

How Safaricom Is Building Privacy Into Everyday Services

As digital services become central to everyday life, protecting customer information has become part of delivering a reliable customer experience.

Safaricom has introduced several measures designed to reduce unnecessary exposure of personal information while strengthening account security.

The company’s P2P data minimisation feature masks customers’ phone numbers during eligible M-PESA transfers, helping reduce unwanted contact after transactions while giving customers control over whether additional information is shared.

Safaricom has also continued improving security across its digital platforms. Updates to My OneApp have introduced biometric authentication for supported transactions, broader access across Wi-Fi, roaming and other mobile networks, and zero-rated access after an internet connection is established. While these enhancements improve convenience, they also make it easier for customers to securely access essential services wherever they are.

Alongside product improvements, Safaricom continues to educate customers about recognising scams, protecting account credentials and reporting suspicious activity through official support channels.

The goal is not only to provide digital services, but to help customers use them safely.

Staying Safe Is a Shared Responsibility

Technology alone cannot eliminate online fraud.

Organisations have a responsibility to protect customer information through secure systems, transparent data practices and thoughtful product design. Customers also play an equally important role by staying alert, protecting their credentials and verifying unexpected requests before responding.

Whether you are sending money through M-PESA, managing your account in MySafaricom, shopping online or simply browsing the internet, taking a few extra moments to confirm who you are dealing with can prevent significant financial and personal loss.

Good digital security is built through everyday habits rather than one-time actions. Understanding what personal data is, recognising common scams and using trusted channels all help reduce risk.

As Kenya’s digital economy continues to grow, protecting your personal information is no longer just about privacy. It is about maintaining confidence in the digital services that millions of people rely on every day.

Download the free Kaspersky SMB Cybersecurity Guide here to learn how businesses can move beyond traditional antivirus and build a more resilient approach to cybersecurity.

Go to TECHTRENDSKE.co.ke for more tech and business news from the African continent and across the world.

Follow us on WhatsAppTelegramTwitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke

Facebook Comments

FORUM

By George Kamau

I brunch on consumer tech. Send scoops to george@techtrendsmedia.co.ke
Back to top button
×