Dr. Peter Ndegwa, CEO of Safaricom PLC, addresses the media on data minimization measures on March 18, 2026.
By Peace Muthoka.
Customers using M-Pesa will soon enjoy enhanced privacy after Safaricom PLC announced a new person-to-person (P2P) data minimization feature that will limit the personal information shared during transactions.
From March 24, users sending money will no longer reveal their full phone numbers or complete names. Instead, recipients will only see the sender’s first and last name, while part of the phone number will be masked.
The change marks a major step in reducing the exposure of personal data on one of Kenya’s most widely used financial platforms.The move comes as digital payments continue to grow, raising concerns about privacy and the safety of customer information. Millions of Kenyans rely on M-Pesa daily to send money, pay bills and run businesses, making data protection increasingly critical.
Safaricom’s Head of Customer Privacy, Sharon Holi, said the new feature responds directly to customer concerns about the visibility of personal details during transactions.
She explained that the initiative is part of a broader journey that began in 2020, when the company first introduced data minimization measures on Pochi la Biashara accounts.
Since then, Safaricom has steadily expanded these protections. The company limited employee access to customer data, masked phone numbers on M-Pesa statements and later extended similar controls to APIs used by Buy Goods and Lipa na M-Pesa services.
“With this latest step, when I send money to you, my full names and phone number will not come through. You will only see my first and last name, and part of my phone number will be hidden,” Holi said.
She added that the changes are designed to prevent misuse of customer information and reduce risks such as spam messages, fraud and unwanted contact.
Safaricom’s Chief Financial Services Officer, Esther Waititu, said the rollout is aimed at strengthening trust, which remains central to digital financial services.
“Trust is built by protecting data,” she said. “This move is not about compliance. It is about being proactive and showing our customers that we value them and listen to their feedback.”
Waititu noted that as more Kenyans adopt digital transactions, companies must go beyond regulatory requirements and take deliberate steps to safeguard customer information.
The announcement was reinforced by Safaricom CEO Peter Ndegwa, who highlighted the scale of M-Pesa and the responsibility that comes with it.
He said millions of users depend on the platform every day for financial transactions, making the protection of their data a top priority.
“M-Pesa has become a critical part of our social and economic lives, and protecting customer information is extremely important for us,” Ndegwa said.
He outlined the company’s multi-year approach to strengthening privacy, noting that Safaricom has consistently reduced the amount of customer data shared across its systems.
From limiting what merchants can access to masking details on statements and restricting internal access, the company has built what it describes as a privacy-by-design ecosystem.
The P2P rollout, he said, extends these protections across all major transaction types.
Ndegwa also pointed to recent upgrades under the Fintech 2.0 platform, which have improved system security and efficiency. The platform now supports more than 37 million P2P transactions daily, valued at over Sh2 billion, while integrating AI-driven fraud detection and stronger authentication controls.
“These capabilities make data minimization both possible and impactful,” he said.
In addition to masking details, Safaricom will introduce a verification option that allows recipients to confirm a sender’s identity. Users can forward a transaction message to a designated code, prompting the sender to approve or decline sharing their full details.
If approved, the recipient receives the sender’s full name and phone number. If declined, they are notified, giving customers more control over their personal data.
The company expects the changes to reduce fraud and social engineering risks, where scammers exploit visible personal information. It will also help curb unwanted calls and messages, a common concern among users.
Safaricom said the initiative aligns with global best practices that advocate for sharing only the minimum amount of personal data necessary.
Ndegwa added that data protection goes beyond one company and requires collective action across industries.
“Data protection is bigger than one organization. It is a nationwide conversation that requires collective action,” he said.
As Kenya’s digital economy expands, the balance between convenience and security will remain key. With the new P2P feature, Safaricom is positioning M-Pesa as not just a leading mobile money platform, but also a safer one for its millions of users.
