Safaricom Takes a Bold Step in Data Privacy with M-PESA Overhaul

A small tweak to the transaction screen, but a giant leap for data privacy: Safaricom reshapes the future of mobile money, one masked number at a time.

Every day, M-PESA processes an astonishing 37 million transactions, creating the backbone of Kenya's economy by facilitating billions in transfers between individuals and businesses. Yet, until recently, each of these person-to-person transfers carried a complete digital fingerprint—revealing not only the sender's full name but also their full mobile number. This has now changed.

In a major privacy overhaul, Safaricom has introduced a groundbreaking feature aimed at minimizing the data exposure of its users. The telecom giant has begun rolling out a feature that partially masks the sender’s phone number in transaction notifications—an update that promises to reshape how we think about mobile money privacy.

Rather than recipients seeing a full phone number like 0722002100, they will now receive a masked version, such as 0722**100*, along with only two of the sender's names. This move, which initially went live in March 2026, is set to impact the bulk of M-PESA transactions. In fact, peer-to-peer (P2P) transfers represent 64% of all M-PESA activity, underscoring the significance of this change.

While the update has been framed by Safaricom as a proactive move to align with the Data Protection Act 2019, it is not in response to any specific complaint or regulatory issue. The update is part of the company’s ongoing efforts to enhance privacy and reduce the risk of personal data misuse on its platform, a commitment reflected in their continued efforts to improve data minimisation across their services.

A Small Change with Big Implications

For millions of Kenyans, M-PESA has long been the circulatory system of both the formal and informal economy, with over 14.1 million active daily users of the Send Money feature. Each of these transactions involves sensitive personal information, which, until now, has been fully visible to recipients.

This latest update is more than just an aesthetic change to the transaction interface. It embodies the principle of data minimisation, an emerging global standard in data privacy regulations. Under this principle, systems should only collect and display the minimum amount of personal data necessary to fulfil a function. In this case, recipients only need to know that money has arrived, and from whom—not the full details of the sender.

By masking phone numbers, Safaricom is actively working to reduce the risks of fraud that often stem from the exposure of sensitive personal details. Scammers have long exploited full mobile numbers, collecting them from incoming SMS notifications to build databases for scam calls and other forms of social engineering. This change significantly limits that vulnerability.

New Consent Mechanism for Transparency

While the masked data will reduce risks for most recipients, there are instances where full sender information may still be required. For those situations, Safaricom has introduced a new consent-based verification mechanism. This feature allows a recipient to request the full details of the sender by texting a short code—334. Once a request is made, the sender receives a prompt asking whether they wish to disclose their full name and phone number. If they consent, the recipient receives the details; if not, the recipient is notified of the refusal.

Importantly, each request is tied to a specific transaction and expires after 24 hours. This ensures that the decision to share personal information is entirely in the hands of the sender, providing an additional layer of privacy protection.

A Vision for the Future of Mobile Money

This latest update follows Safaricom’s ongoing journey towards enhanced data protection. The company began its push for data minimisation in 2020 with its Pochi la Biashara service, followed by similar measures applied to M-PESA statements in 2022 and to Buy Goods and Pay Bill API transactions in the years since. With the Send Money update, Safaricom has now implemented its highest-volume application of this principle, impacting the most sensitive layer of mobile money use.

For a platform that touches nearly every aspect of life in Kenya, these changes are far from trivial. They reflect a broader, global movement towards privacy, security, and the responsible handling of user data. By placing more control in the hands of users and reducing unnecessary exposure of sensitive information, Safaricom is taking important steps toward shaping the future of mobile money with privacy at the forefront.

In a world where digital security is a growing concern, Safaricom’s decision to enhance the privacy of its mobile money service sends a strong message: small changes can have a big impact. By masking sender details in high-volume transactions, the company is actively safeguarding user data, empowering customers, and reinforcing its leadership in the mobile money space. For millions of Kenyans, this overhaul is a welcome step toward a safer and more private digital future.