A major privacy upgrade is set to redefine person-to-person transactions on Kenya’s M-PESA platform, as Safaricom rolls out measures to reduce exposure of sensitive customer information while maintaining transaction efficiency.
Dr. Peter Ndegwa, Group CEO of Safaricom PLC, announced the enhancement as the mobile money service marks its 19th anniversary, reflecting the telecom’s broader commitment to embedding privacy by design across its widely used financial ecosystem, which now serves over 40 million users.
The update introduces a system where recipients will only see partial sender details, including two names and a masked phone number.
If full information is required, recipients can submit a request within 24 hours, prompting the sender to approve sharing of their full name and mobile number via SMS.
Requests that go unanswered within two hours automatically expire, ensuring data is shared only with explicit consent.
The privacy rollout, approved by the Central Bank of Kenya (CBK) last month, operationalises data minimisation for peer-to-peer transactions in line with Kenya’s Data Protection Act, 2019.
Once fully implemented, the feature will extend to merchant payments, where businesses currently receive complete customer contact information, limiting potential exposure and reducing risks related to fraud, unsolicited contact, and social engineering attacks.
“M-PESA currently handles more than 37 million person-to-person transactions daily, valued at over KSh2 billion, demonstrating the scale of sensitive data exchanged across the platform,” said Ndegwa.
“Today, we extend data minimisation to P2P transactions. From March 24, recipients will only see two names and a masked number. This journey reflects our ongoing commitment to embedding privacy across our financial ecosystem.”
The initiative is supported by Safaricom’s Fintech 2.0 platform, which provides a secure, scalable infrastructure capable of supporting privacy-focused features at scale.
Enhanced authentication controls and artificial intelligence-based fraud detection, including safeguards against SIM swap risks, form part of the upgrade, strengthening both security and trust for millions of users.
The move builds on a multi-year strategy that has already limited merchant access to customer details, restricted internal staff visibility, and masked phone numbers on transaction statements.
It aligns with regulatory expectations for financial service providers to process only the data necessary for service delivery, as authorities tighten enforcement in response to rising consumer privacy complaints.
By implementing contact masking and consent-driven information sharing, Safaricom aims to reinforce privacy, reduce fraud risks, and create a safer digital financial environment, reinforcing M-PESA’s position as a secure, trusted pillar of Kenya’s mobile economy.
