Safaricom is set to tighten privacy controls on M-Pesa by reducing the amount of personal information shared during person-to-person transactions, with the changes taking effect from March 24, 2026.
Under the update, recipients will no longer have access to full names or complete phone numbers when receiving funds. Instead, only limited identifiers, such as partial names and a masked mobile number, will be displayed. Key transaction details, including the amount, date, and transaction reference, will remain intact.
This adjustment builds on earlier steps taken to limit data exposure across the platform, including reduced visibility in account statements and merchant services like Buy Goods and PayBill. By extending these measures to peer-to-peer transfers, Safaricom is effectively aligning privacy standards across all major transaction types.
The move comes amid rising concerns over the risks associated with exposing personal data in digital payments. Previously, full names and phone numbers were visible, a feature that aided verification but also left users vulnerable to unwanted contact, data misuse, and fraud. The revised approach seeks to strike a balance between privacy and transactional clarity.
The changes are also in line with Kenya’s data protection framework, particularly the principle of data minimisation under the Data Protection Act, which requires that only essential information be shared. It also reflects growing regulatory focus by the Central Bank of Kenya on consumer protection and responsible data handling in digital finance.
Also Read: Small Traders Face VAT Burden Under KRA’s New Tax Proposal
Importantly, the transaction process itself remains unchanged. Payments will still be processed instantly, and users will continue to receive full transaction details on their own devices. The main shift lies in restricting what third parties can see to only what is necessary for confirmation.
More broadly, the update points to a shift towards embedding privacy into the design of financial services. Rather than leaving data protection to user choices after the fact, platforms like M-Pesa are increasingly building it into the system from the outset, signalling a more cautious and structured approach to handling user information at scale.
