For nearly two decades, M-PESA has defined how money moves in Kenya, fast, simple and deeply embedded in everyday life. From market stalls to rent payments, the platform has grown into a financial ecosystem processing millions of transactions daily. But as its scale has expanded, so too has the question of how much personal data should travel with every transaction.
A new shift is now underway. Beginning March 24, 2026, Safaricom is rolling out a data minimisation framework for person-to-person transfers, a move that will fundamentally change what customers see when they send or receive money. The change may appear subtle, but at scale, it represents one of the most consequential privacy upgrades in the platform’s history.
At present, a typical transaction message reveals a sender’s full name and complete mobile number. Under the new system, that level of exposure will be reduced. Users will now see only two names instead of three, and phone numbers will be partially masked, appearing in a format such as 0722***000. Crucially, transaction details like the amount, date and confirmation code will remain fully visible, preserving transparency while limiting unnecessary personal data.
The shift is anchored in a simple principle, share only what is necessary.
Yet the numbers behind this change reveal why it matters. M-PESA currently supports about 14.1 million daily active person to person users. Within that segment alone, approximately 37 million transactions are conducted every day, forming part of a broader ecosystem that processes roughly 137.9 million daily transactions. In value terms, person to person transfers account for about 27 billion shillings daily, within a total daily transaction value of 118 billion shillings.
This scale means even small exposures can quickly become systemic risks.
In the current setup, every transaction message doubles as a potential data point, one that can be captured, stored or misused. Fraudsters, for instance, often rely on harvesting phone numbers from transaction notifications to stage scams or social engineering attacks. Others use the information for unsolicited marketing or, in some cases, harassment after a transaction.
By masking numbers and limiting visible names, the new system significantly reduces the amount of personal information circulating in everyday financial interactions. It is a defensive move, designed not to disrupt the user experience, but to quietly close off avenues for misuse.
According to Safaricom, the initiative is part of a broader, multi year journey toward embedding privacy across the M-PESA ecosystem. Earlier efforts have included restricting internal access to customer data, minimizing information on account statements, and reducing data exposure in business payment integrations such as Buy Goods and Paybill services.
The person to person update, however, is perhaps the most visible to consumers, precisely because of how frequently they use it.
Still, the system does not eliminate transparency altogether. Recognizing that certain transactions may require full disclosure, Safaricom has introduced a consent based verification feature. By forwarding a transaction message to a designated code, users can request the sender’s full details. The sender is then notified and can choose whether to share their complete name and phone number or decline the request. Each verification request is limited to one per transaction and remains valid for 24 hours.
This opt in approach reflects a broader shift in digital design, where control over personal data is increasingly placed in the hands of the user rather than the system.
Beyond security, there is also a regulatory undertone to the move. Data minimization is a key principle in modern data protection frameworks, which emphasize limiting the collection and exposure of personally identifiable information. By aligning with these principles, M-PESA is not only responding to emerging risks but also positioning itself within a global conversation on privacy and digital rights.
For users, the immediate benefits are practical. Reduced exposure means fewer chances of receiving spam calls or marketing messages triggered by transaction data. It also lowers the risk of being targeted by fraudsters who rely on personal details to build trust in scam attempts.
But perhaps the most important outcome is psychological. Trust is the currency that underpins digital finance, and even minor vulnerabilities can erode confidence over time. By proactively tightening how data is shared, M-PESA is reinforcing its reliability in an environment where users are becoming increasingly aware of how their information is handled.
The challenge, as always, lies in maintaining the delicate balance between privacy and usability. Too much restriction could complicate transactions, while too little leaves users exposed. The current approach suggests a middle ground, one where essential information flows freely, but sensitive data is shielded unless explicitly needed.
For a platform that processes tens of millions of transactions every day, that balance is not just a technical adjustment, it is a strategic imperative.
As the rollout begins, most users may barely notice the difference. The messages will still arrive instantly, the confirmations will still be clear, and the rhythm of daily transactions will remain unchanged. Yet behind the scenes, a significant shift will have taken place, one that reduces the digital footprint of every transaction while strengthening the overall integrity of the system.