Safaricom to Mask M-Pesa Sender Numbers in Major Privacy Overhaul

NAIROBI, Kenya — In a move to bolster user security and align with tightening data privacy regulations, Safaricom has announced it will stop displaying full phone numbers of senders during M-Pesa transactions.

The update, set to roll out by the end of March 2026, marks a fundamental shift in how the mobile money giant handles subscriber data. Under the new protocol, recipients of “Send Money” transactions will only see a redacted version of the sender’s mobile number, effectively shielding the sender’s identity from potential “data harvesting” or unsolicited contact.

A Birthday Milestone Focused on Trust

The announcement coincides with M-Pesa’s 19th anniversary. Safaricom CEO Peter Ndegwa emphasized that as the platform surpasses 40 million monthly active users, maintaining digital trust has become as critical as the service’s reliability.

“That trust is built not only on the reliability of M-PESA, but also on how well we protect the personal information of those who use it,” Ndegwa stated on Wednesday.

The move follows increasing pressure from the Central Bank of Kenya (CBK) and the Office of the Data Protection Commissioner (ODPC) to minimize the exposure of personal identifiable information (PII). It also mirrors recent changes where Safaricom began redacting phone numbers in M-Pesa statements to comply with the Data Protection Act.

How the New Feature Works

While the sender’s name will remain visible to ensure the recipient knows who sent the funds, the mobile number will be partially hidden (e.g., 0702507*). Safaricom has introduced a two-step consent process for those who need more information:

• The 24-Hour Window: A recipient can request the sender’s full details within 24 hours of a transaction.
• The Consent Prompt: The sender will receive a pop-up on their phone asking for permission to share their details.
• The 2-Hour Limit: If the sender does not approve the request within two hours, or explicitly declines it, the information remains hidden.

Addressing Privacy Gaps

For years, M-Pesa users have expressed concerns over how easily strangers—such as delivery riders or casual acquaintances—can obtain their full mobile numbers through a simple transaction. This update aims to close that gap.

However, the transition hasn’t been without debate. Some users recently criticized Safaricom for “over-redacting” data, especially after the telco required a Police Abstract for customers to access unmasked versions of their own transaction statements. This new P2P masking feature appears to be a middle-ground solution, giving users more control over their own data in real-time.

Phased Rollout

The “Number Masking” feature will be launched in phases, starting with standard person-to-person (P2P) transfers before expanding across the entire M-Pesa ecosystem, including merchant payments and agent transactions.