Inside Safaricom's System For Verifying Masked M-Pesa Sender Details

Safaricom has provided a detailed breakdown of how its mobile money platform, M-Pesa, manages the balance between user privacy and transaction transparency. The telecommunications firm addressed growing questions regarding how customers can confirm who has sent them money now that certain digits of phone numbers are hidden in transaction notifications.

The move to mask sensitive data follows increasing regulatory pressure and a shift toward stricter data protection standards in Kenya. By obscuring the middle digits of a phone number, the company aims to stop the unauthorized collection of contact details by rogue agents or third-party merchants who previously had access to full customer profiles.

According to Safaricom, the primary tool for verification remains the transaction confirmation message. While the phone number is partially redacted, the full name of the sender as registered on the legal identification document remains visible. This allows the recipient to confirm the identity of the person or entity they are dealing with without the system exposing the entire ten-digit mobile number.

The company noted in its latest disclosures that this specific feature was developed to curb the nuisance of unsolicited marketing calls and texts. In the past, many users reported receiving promotional messages shortly after making payments at fuel stations, supermarkets, or through Lipa na M-Pesa agents who had harvested their numbers from transaction logs.

For those using the M-Pesa Super App, the verification process is more interactive. The app provides a secure environment where users can view transaction history with names clearly displayed, although the masking of the digits persists across the interface. This ensures that even if a phone is left unlocked, a casual observer cannot easily copy down a list of active phone numbers from the user's recent history.

Safaricom stated that the protection of personal identifiable information is now a core pillar of its technical roadmap. The firm emphasized that these changes do not interfere with the reversal process. If a user receives money from a masked number and needs to initiate a reversal, the standard "Hakikisha" feature and the 456 reporting system still function by using the unique transaction code rather than the sender's phone number.

The locals have previously raised concerns about the difficulty of returning money sent by mistake if they cannot see the full number to call the sender back. Safaricom's editorial position is that the internal reversal system is the safest way to handle such errors, as it prevents cases of confrontation or potential scams initiated through phone calls.

Business owners and agents also operate under these new visibility rules. While they can see the names of customers to verify payments, the masking protects the customer from being added to databases without consent. This alignment with the Data Protection Act has changed the daily workflow for thousands of small businesses across the country.

The company continues to update its privacy settings, noting that as digital crimes evolve, the methods for concealing user data must become more sophisticated. The masked number format, which typically shows the first few and last few digits, is now the standard for all person-to-person and merchant-to-person alerts.