By Njeri Irungu,
18 March 2026,
Nairobi, Kenya.
Safaricom has announced a major data privacy upgrade to its mobile money platform, M-Pesa, introducing a data minimization feature aimed at strengthening customer security and control over personal information.
The update, set to take effect on March 24, 2026, follows regulatory approval from the Central Bank of Kenya and marks a significant step in Safaricom’s ongoing efforts to embed privacy-by-design across its services.
Under the new system, personal details shared during person-to-person (P2P) transactions will be limited. Recipients will now only see the sender’s first and last name, as per their identification, while the middle digits of the phone number will be masked. This replaces the previous system where full names and phone numbers were visible.
The feature will also extend to merchant payments, including Till and PayBill transactions, reducing the exposure of customer data across the M-Pesa ecosystem. Transaction notifications to merchants will similarly display only partial phone numbers instead of full contact details.
Speaking during the announcement, Safaricom CEO Peter Ndegwa said the move reflects the company’s commitment to protecting users in an increasingly digital economy.
“M-PESA has become a critical part of our daily social and economic lives. Protecting customer information is therefore extremely important for us,” he said.
The new update also introduces a consent-based system for accessing full sender details. Customers who wish to view complete information can send a request via SMS to 334. If approved by the sender, the full phone number will be shared, typically within a 24-hour window.
Safaricom’s Head of Customer Privacy, Sharon Holi, noted that the initiative is a response to growing customer concerns about privacy when transacting.
“We have received feedback from customers about the visibility of their personal information, especially when making payments to people they may not know well. This feature gives them greater control,” she said.
Holi explained that the update is part of a broader journey that began in 2020 with the introduction of phone number protection for Pochi La Biashara users. Since then, Safaricom has progressively strengthened its data protection framework.
Key milestones include restricting internal access to customer data in 2021, masking phone numbers in M-Pesa statements in 2022, and implementing API-level controls in 2024 to ensure third-party partners only access essential information.
The latest rollout builds on these efforts by extending protection to everyday transactions such as paying for transport, tipping service providers, or making small payments to individuals where sharing a phone number may not be necessary.
Despite the changes, Safaricom emphasized that phone numbers will remain the primary identifier for transactions within the M-Pesa ecosystem, with no plans to replace them.
The development comes alongside Safaricom’s broader Fintech 2.0 upgrade, the most significant overhaul of the platform since its launch. The upgraded system leverages artificial intelligence and a microservices architecture to enhance efficiency, scalability, and security.
According to the company, M-Pesa currently processes more than 37 million P2P transactions daily, valued at over KSh 2 billion.
Additional features introduced under the Fintech 2.0 framework include wallet-sharing functionality through Shiriki Pay, enhanced anti-fraud systems, and improved integration capabilities via upgraded APIs.
Safaricom has also deployed AI-powered tools to detect and prevent fraud, alongside strengthened authentication measures to address risks such as SIM swap fraud. The company handles approximately one million SIM swap requests each month, with only a negligible number linked to fraudulent activity.
Ndegwa emphasized that safeguarding customer data requires a collective effort beyond corporate responsibility.
“Data protection is bigger than one organization. It is a nationwide conversation that requires collaboration between industry players, regulators, and government agencies,” he said.
He also urged Kenyans to remain mindful of their digital footprint in everyday interactions, noting that data privacy extends beyond financial transactions to all aspects of daily life.
