The tip of the telephone numbers in M-PESA as we all know it

For practically 20 years, the M-PESA transaction chime has include a quiet trade-off in your privateness. Each time you ship cash or pay a invoice, you hand over your full identify and a direct line into your digital life.

By late 2026, Safaricom plans to finish this period of radical transparency. In a phased rollout beginning with peer-to-peer (P2P) transfers subsequent week and increasing to service provider funds and financial institution transfers by subsequent yr, your telephone quantity is not going to be seen.

If you’re a privateness advocate, it is a long-overdue victory. If you’re a small enterprise proprietor who reconciles books by way of SMS, it’s a logistical nightmare. However if you happen to look carefully on the mechanics, you’ll see it is a basic, long-overdue change to the Kenyan monetary belief mannequin.

The change is technically easy however socially transformative. As soon as the cash hits the recipient’s pockets, the notification will now not show the complete 10-digit quantity. As a substitute, they may see a redacted model, one thing like 0722000***.

The sender’s two names stay seen (when you’ve got three names, it should simply show two names from March 24 onwards), offering a human anchor to the transaction, however the name to motion (the telephone quantity) is gone.

If a service provider or a recipient genuinely must name you, maybe you left your umbrella on the counter, otherwise you didn’t pay your whole invoice, they’ll now not simply faucet the quantity of their SMS inbox. They should provoke a proper request in your id by way of a brand new verification protocol (forwarding to 334), which prompts you in your telephone. You then should explicitly grant them permission to see your quantity.

Why it took 19 years

Critics have been asking: If that is so good for security, why wasn’t it finished earlier? The reply is that M-PESA’s early success was constructed on the very transparency it’s now dismantling. In a rustic the place formal financial institution accounts had been uncommon, the telephone quantity was the one know-your-customer (KYC) device accessible to the general public. Should you despatched cash to the flawed particular person, you might name them. If a shopkeeper doubted that you simply had paid, they might see that your quantity matched the one in your SIM. The system’s friction was diminished by this mutual visibility.

However the world has modified and Safaricom is now not only a telco however a systemic monetary establishment. With the Information Safety Act of 2019 and the following 2024 amendments, the authorized danger of leaking 40 million individuals’s numbers each single day turned an existential risk.

The Workplace of the Information Safety Commissioner (ODPC) has change into more and more aggressive, and Safaricom, which holds extra private information than maybe another entity within the area, realised that being a leaky bucket was now not a viable enterprise technique.

The first goal right here isn’t the annoying advertising and marketing SMS from companies (although that can drop) however the skilled fraudster.

Kenya has lengthy handled a particular type of social engineering. Scammers pull telephone numbers from transaction alerts, then sound convincing once they name. They pose as legit actors to trick you into reversing faux transactions or giving up your PIN.

Safaricom is successfully stopping these scams by masking the telephone quantity. A fraudster can see that “Individual X” paid KES 1,000, however with out the telephone quantity, they can’t attain him.

Whereas the safety advantages are clear, the contrarian view reveals a major looming hurdle: monetary reconciliation.

Subsequent Wave continues after this advert.

For tens of millions of Kenyan SMEs, the M-PESA SMS is the accounting system. Colleges use the telephone quantity to match charges to college students; landlords use it to match lease to tenants; water firms use it to credit score accounts.

When these numbers go darkish, the handbook method of doing enterprise in Kenya breaks.

1. The large guys are positive: Giant firms (like Kenya Energy or Safaricom itself) use APIs that already masks information, or use account numbers (Paybills) for reconciliation.

2. The small guys are in bother: small companies that use providers like Pochi La Biashara (a service that permits small enterprise house owners like kiosks, distributors or boda-boda, to separate enterprise funds from private cash on one SIM card) will now have to seek out new methods to confirm who paid them.

Safaricom is actually forcing all the financial system to maneuver from checking their messages to utilizing formal service provider instruments just like the M-PESA Enterprise App. It’s a refined push towards digital formalisation.

A brand new type of friction

One key facet of this replace is the dispute-resolution mechanism. If a transaction goes flawed, the recipient has a 24-hour window to request the sender’s particulars.

This introduces managed friction; within the soon-to-be-old days, a dispute was resolved over a telephone name. Within the new world, it is not going to be really easy. This protects the sender from harassment, nevertheless it might decelerate the decision of real errors. Should you by chance ship KES 1,000 to a stranger and so they merely ignore the consent request to indicate their quantity, the trail to restoration turns into rather more bureaucratic, involving formal police studies and Safaricom’s inside reversal desk.

“The principle danger shall be dispute administration. The method would require an extra step, which might introduce some friction. We’re working to handle that by making certain entry to data the place all events are capable of consent,” Safaricom’s chief monetary providers officer, Esther Waititu, instructed journalists in Nairobi on Wednesday.

“If you concentrate on safety and security, there may be all the time some degree of inconvenience. Individuals have constructed habits round how they work together with one another, however it’s extra necessary to maintain everybody secure,” Peter Ndegwa, Safaricom CEO, added.

A needed maturation

Safaricom’s transfer to masks numbers is an admission that M-PESA has outgrown its ‘village’ roots. It’s shifting from a system primarily based on social belief (I do know your quantity, due to this fact I belief you) to systemic belief (the system says it’s paid, and that’s sufficient).

It gained’t cease all spam; scammers have already got huge databases of numbers from earlier leaks. It gained’t cease all fraud; criminals are nothing if not adaptive. However it does elevate the price of entry for the typical prison.

By late 2026, when this rollout is full throughout banks and retailers, the Kenyan digital financial system will look very totally different. It’s a privateness tax that Kenya is lastly able to pay.

Kenn Abuya

Senior Reporter, TechCabal

Thanks for studying this far. Be happy to electronic mail kenn[at]bigcabal.com, together with your ideas about this version of NextWave. Or simply click on reply to share your ideas and suggestions.