Safaricom, Kenya’s largest telecoms operator, plans to extend data minimisation across its mobile money service M-PESA by late 2026, expanding controls that limit the exposure of customer phone numbers in mobile money transactions.
The change will cover bank transfers and merchant payments, according to the telco’s chief financial services officer, Esther Waititu, who spoke on Wednesday at the company’s Nairobi headquarters.
“Later in the year, we will be working with banks to make sure that that data is also masked, because we can’t be doing it in one area and then omitting the other,’ Waititu said.
The move targets one of the most common ways personal data is misused in Kenya’s payments system, where phone numbers shared in transaction alerts are later reused for spam, marketing and fraud. Extending masking to merchant payments and cross-platform transfers cuts off a major source of such data at scale.
The rollout builds on an earlier update scheduled for March 24, when Safaricom will begin masking part of a sender’s phone number in peer-to-peer M-PESA transactions. The next phase targets merchant payments, one of the main areas where customer data is still widely exposed.
Buy Goods and Paybill, Safaricom’s cashless payment services that handle a large share of everyday transactions, typically send merchants SMS confirmations that include customers’ full phone numbers.
Small businesses rely on these alerts to track sales and confirm payments. The same numbers are often reused to send promotional messages or shared beyond the original transaction, making merchant payments a key source of unsolicited marketing.
Customers will still complete payments and merchants will continue to receive confirmation, but full phone numbers will no longer appear in SMS alerts. This limits how easily personal data can be collected and reused outside the transaction.
The expansion will also include cross-system payments. Transfers between M-PESA, banks, and other mobile money services, such as Airtel Money, pass through several platforms, each of which creates a point where data can be viewed or stored.
Applying the same limits across these flows will reduce exposure at each stage and establish a common standard for providers handling the transaction, Waititu said.
The scale of M-PESA means the change will be widely felt, as the service processes 37 million daily peer-to-peer transactions worth KES 27 billion ($209 million), out of a total of 137.9 million transactions valued at KES 118 billion ($914 million).
Safaricom’s data minimisation push has developed over several years. It began in 2020 with Pochi La Biashara, a product designed to allow small traders receive payments without exposing full customer details. In 2021, the company reduced internal access to customer data.
A year later, it trimmed personal information from M-PESA statements. By 2023 and 2024, similar controls had been added to merchant-facing APIs used by large organisations, before extending to peer-to-peer transactions in 2026.
Extending the same approach to merchant payments closes one of the main remaining gaps. It also creates new operational pressure for businesses that rely on phone numbers to reconcile transactions or follow up with customers. Without that identifier, merchants may need to depend more on transaction codes or internal systems to match payments.
“If you think about security and safety, there is always some level of inconvenience. People have built habits around how they interact with each other, but it is more important to keep everyone safe,” said Peter Ndegwa, Safaricom CEO.
Waititu said dispute management is likely to be the biggest risk as the change rolls out, as businesses adjust to resolving payment issues without full access to customer phone numbers.
“The main risk will be dispute management. The process will require an additional step, which could introduce some friction. We are working to address that by ensuring access to information where all parties are able to consent,” Waititu added.
