Safaricom to start blocking customer contact details when making payments through Lipa na M-Pesa

Safaricom will begin barring customer contact details while making payments using Lipa na M-Pesa at the end of June in order to prevent personal information from being sold to advertisers or leaked to scammers.

The telecom will only show the initial name and a few digits of the phone number of subscribers who make payments using the platform, effectively masking the customer’s contact information.

This is similar to the methodology used by banks when communicating account numbers to prevent releasing personal information about their customers, and Safaricom is following suit in accordance with the data protection law, which was enacted in 2019 to preserve privacy.

“At the end of June, phone numbers and full names of subscribers making transactions will no longer be relayed to partners,” Safaricom told merchants.

“Only the first name will be passed along and the phone number of the subscriber making the transaction will be masked (obfuscated). For example, if a person named John Doe with a phone number +254(redacted) makes a payment the only data that will be passed along is [John, +2547XXXXX654].”

“Pursuant to the Data Protection Act 2019 which came into law on 25th November 2019, Safaricom will be changing how they share data with Lipa Na M-Pesa Partners in general,” said Safaricom.

“Safaricom and its partners are required to take action to minimise the use and transfer of sensitive data such as names and phone numbers during the processing of transactions.”

People who pay for goods and services currently give their phone numbers and names to thousands of merchants, who exploit this information to deliver unsolicited advertising via text messages.

The information could potentially be sold to third parties without agreement, which would be a violation of the data protection statute passed in 2019.