Kenya’s mobile money ecosystem is set for a major privacy upgrade after the Central Bank of Kenya (CBK) approved a new feature that will partially hide users’ phone numbers during M-Pesa transactions.
The change, which Safaricom will roll out gradually, is designed to strengthen data protection, reduce fraud risks, and align mobile payments with Kenya’s data privacy laws.
The decision marks one of the most significant changes to how Kenya’s dominant mobile payment platform handles customer information since M-Pesa launched nearly two decades ago.
A Shift Toward Stronger Privacy
Under the new system, customers making payments through PayBill, Buy Goods, or peer-to-peer transfers will no longer have their full phone numbers displayed in transaction confirmations.
Instead, the number will appear partially masked—for example, 0712XXXXXX so as to limit exposure of personal contact details.
Previously, merchants receiving payments through M-Pesa could see the customer’s full phone number along with the transaction code and amount.
While this helped some businesses identify customers, it also exposed sensitive personal information that was not strictly necessary to complete a payment.
The CBK approved the change after reviewing Safaricom’s request to implement “data minimization,” a concept that ensures only essential information is shared during digital transactions.
Aligning with Kenya’s Data Protection Laws
The new feature is also intended to bring mobile money operations into closer alignment with Kenya’s Data Protection Act of 2019.
Which requires companies to collect and share only the data necessary to deliver a service.
In recent years, concerns have grown about how personal data from digital platforms, including phone numbers, can be misused.
Fraudsters have often relied on transaction information to carry out scams such as social-engineering attacks, SIM-swap fraud, or fake refund requests.
By masking phone numbers, regulators hope to reduce the amount of information that could be exploited by criminals.
What Changes for Customers and Businesses
For ordinary users, the transaction process itself will remain unchanged.
Payments will still be completed in the same way through the M-Pesa menu, USSD codes, or the mobile app.
However, the information visible to merchants will be more limited.
Instead of seeing a customer’s full phone number, merchants will rely on transaction codes, amounts, and confirmations through their business systems to verify payments.
In cases where a merchant genuinely needs the full phone number, for example, for delivery or customer service, the system will allow them to request it.
The customer will then decide whether to approve or decline that request.
The Bigger Picture
The approval to hide phone numbers in M-Pesa transactions reflects a broader global shift toward stronger digital privacy protections.
As Kenya continues to lead in mobile financial innovation, regulators are increasingly focused on ensuring that convenience does not come at the cost of personal data security.
For millions of Kenyans who rely on M-Pesa every day from paying for groceries to sending money to family the change may appear small.
But in the long run, it could represent a significant step toward a safer and more privacy-conscious digital economy.
ALSO READ: The Iran War Explained
