Safaricom is rolling out a major privacy upgrade to M-Pesa that will change how customer information is shared in transactions.
Starting March 24, M-Pesa users will see less personal information in transaction notifications, with Safaricom introducing data minimisation across peer-to-peer payments.
With data minimization, only two names (first and last) will be displayed and the phone numbers will be partially masked (e.g. 0722***000). Key transaction details like amount, date and reference number will remain unchanged.
Why Make the Changes
According to Sharon Holi, the move is driven directly by customer concerns.
“We receive regular feedback from our customers… one of the key questions is: how do we keep our identities safe when we transact?”
She explained that while identity is deeply personal and often tied to multiple names and family heritage, full identity disclosure is not necessary for completing transactions.
“From a transaction point of view, the first name and the last name are all you really need.”
Unwanted Calls and Data Misuse
One of the biggest issues Safaricom is addressing is what happens after a transaction is completed.
Customers have reported receiving unsolicited calls, being contacted after making payments and exposure to potential scams
By masking phone numbers, Safaricom aims to limit how easily this information can be captured and reused.
“People have had a habit of contacting you after you make payments. We want to avoid that as much as possible,” Holi said.
Safaricom leadership says the move is part of a broader effort to strengthen trust as digital transactions continue to scale.
According to Peter Ndegwa, protecting customer data is becoming just as important as enabling seamless payments.
“As more Kenyans rely on M-Pesa for everyday transactions, we must ensure that convenience does not come at the cost of privacy,” he said.
“This is about giving customers confidence that their data is secure, while still delivering the simplicity they expect from M-Pesa.”
Safaricom is also giving users control over whether to reveal their full details. A recipient can request full details by sending the transaction message to 334. The sender will receive a prompt asking for consent. The full name and number will be shared if the request is approved and declined if the request is rejected.
To prevent abuse, only one request per transaction is allowed and the the request is valid for 24 hours.
Despite the reduced visibility of personal data, Safaricom says key processes will remain intact. Reversals rely on transaction codes and not names or phone numbers so they will still work normally.
The update comes as M-Pesa continues to grow with over 137 million daily transactions and 14.1 million daily active P2P users. A small data exposure risk can have wide-reaching consequences at this level.
The new data minimisation feature is set to go live on March 24, 2026.
For these and more stories, follow us on X (Formerly Twitter), Facebook, LinkedIn and Telegram. You can also send us tips or reach out at info@techarena.co.ke.
Also Read: Safaricom Set to Launch M-Pesa Tap-to-Pay in Kenya After Tanzania Rollout