The Central Bank of Kenya (CBK) has officially approved Safaricom’s request to mask phone numbers and full names during M-Pesa transactions to enhance user privacy and data security.
Key Details of the Privacy Update
- Transaction Coverage: The masking will apply to Till numbers (Buy Goods), PayBill payments, and peer-to-peer (P2P) transfers.
- Data Masking: Recipients will only see the sender’s first name and a partially hidden phone number (e.g., 07XX XXX XXX or 0718XXXXXX).
- Consent Mechanism: If a recipient requires the full phone number, they must request it through the system; the sender can then choose to consent or decline the request.
- Verification: Merchants are expected to verify payments using specialized tools such as the M-Pesa Business App or integrated point-of-sale systems rather than viewing the customer’s full details on a phone screen.
Reasons for the Move
This regulatory shift aligns with the Kenya Data Protection Act 2019 and addresses several consumer protection concerns:
- Fraud Reduction: Prevents data harvesters from collecting numbers for scams or identity theft.
- Spam Prevention: Curtails unsolicited marketing messages from merchants who previously saved customer numbers without consent.
- Data Minimisation: Follows CBK’s National Payments Strategy 2022–2025, which mandates that companies only collect and share necessary data for service delivery.
Rollout and Next Steps
The Central Bank of Kenya has directed Safaricom to conduct public awareness campaigns before a full rollout to ensure users and merchants understand the new system. Safaricom is also required to submit monthly compliance reports to the regulator during the implementation phase.
