IKO TopApp

Back to BlogSign In
Mobile Money
9 min read

M-Pesa Phone Number Masking: Everything You Need to Know About Safaricom's New Privacy Feature (2026)

Your M-Pesa number is now hidden from recipients by default. Find out what the new privacy feature means for everyday users, merchants, and developers — and what to do when you need the full sender details.

By James W
March 24, 2026
Share:
M-Pesa Phone Number Masking: Everything You Need to Know About Safaricom's New Privacy Feature (2026)

Published: March 24, 2026  ·  7 min read  ·  M-Pesa · Data Privacy · Safaricom

If you sent money on M-Pesa today, something quietly changed. The person on the other end no longer sees your full phone number — and that's entirely by design. After years of building toward it, Safaricom has flipped the switch on one of the most significant privacy upgrades in M-Pesa's 19-year history.

⚡ Quick Summary — TL;DR

  • Your phone number is now partially hidden in all M-Pesa transaction notifications (e.g. 0722***712)
  • Only your first and last name appear — no more middle names or full identity exposure
  • Applies to Send Money (P2P), Till (Buy Goods), and PayBill transactions
  • To get a sender's full details, forward the transaction SMS to 334 within 24 hours
  • The sender must approve — they have 2 hours to respond before the request expires

What Exactly Changed in M-Pesa Today?

Before today, every M-Pesa transaction notification handed over your complete digital identity to the recipient — full three-part name, complete phone number, transaction details. It was simple, transparent, and for years, it worked. But as Kenya's digital economy scaled, that openness became a liability.

Safaricom's new data minimization feature changes what recipients see in transaction alerts. The change is surgical — only the personally identifying details are trimmed. Everything you need to track the money is still there.

Here's what the before and after looks like:

Before — Old Transaction Notification

M-PESA
You have received Ksh500.00 from JOHN KAMAU MWANGI 0722000712 on 24/3/26 at 10:32 AM.
New M-PESA balance is Ksh1,200.00. Transaction cost, Ksh0.00.
Ref: QHJ7K9LMN1

After — New Transaction Notification

M-PESA
You have received Ksh500.00 from JOHN MWANGI 0722***712 on 24/3/26 at 10:32 AM.
New M-PESA balance is Ksh1,200.00. Transaction cost, Ksh0.00.
Ref: QHJ7K9LMN1

The middle name is gone. Three digits of the phone number are replaced with asterisks. The amount, date, time, balance, and transaction reference remain exactly the same.

Good to know: M-Pesa reversals are not affected. They rely on the transaction reference code — not the sender's name or number — so that process continues to work exactly as before.

M-Pesa by the Numbers

Metric Figure
Daily peer-to-peer transactions affected 37 million
Daily active P2P customers 14.1 million
Daily P2P transaction value KES 27 billion
Total daily M-Pesa transactions 137.9 million
Total daily M-Pesa transaction value KES 118 billion

How to Get a Sender's Full Details — The 334 Process

Safaricom didn't lock the door without leaving a key. For situations where you genuinely need a sender's full identity — a disputed payment, a business reconciliation, or a mistaken transaction — there is a consent-based verification process.

Step 1 — Forward the transaction SMS to 334

The recipient forwards the original M-Pesa transaction message to short code 334. This must be done within 24 hours of the transaction. This is a one-time request — only one attempt is allowed per transaction.

Step 2 — The sender receives a consent SMS

Safaricom immediately sends the original sender an SMS prompt asking whether they approve sharing their full name and phone number with the recipient. No action is taken without the sender's knowledge.

Step 3 — Sender approves or declines (within 2 hours)

The sender has a 2-hour window to respond. If they approve, the recipient receives the full details via SMS. If they decline — or simply don't respond — the request expires automatically and the data stays protected.

Step 4 — Recipient is notified of the outcome

Either the full details arrive via return SMS, or the recipient receives a notification that the request was declined. Either way, there is a clear resolution within the 2-hour window.

⚠️ Important for merchants: Each verification request is limited to one attempt per transaction. If the sender declines or the window expires, you cannot request again for the same transaction. Plan your reconciliation workflows accordingly.

Why Is Safaricom Doing This — And Why Now?

The short answer: your phone number has been weaponized for years, and Safaricom finally has the infrastructure to fix it.

Every M-Pesa transaction was a data leak. Merchants, hawkers, fraudsters — anyone who received a payment got your full number, ready to be harvested, sold, or exploited. Post-transaction harassment became so common it was simply accepted as part of life on M-Pesa.

Safaricom CEO Peter Ndegwa framed the issue plainly:

"Our customers want convenience, but they also need to feel that the information entrusted to us is handled with care, respect, and integrity."

— Peter Ndegwa, CEO, Safaricom

Critically, this move was not forced by a regulator. Chief Financial Services Officer Esther Waititu was explicit:

"This move has not been done because of compliance, but to ensure that we are valuing you as our customer and taking feedback from you."

— Esther Waititu, CFO Financial Services, Safaricom

The Central Bank of Kenya approved the feature, but Safaricom initiated it — aligning proactively with Kenya's Data Protection Act 2019.

Safaricom's Privacy Journey: Six Years in the Making

Today's launch isn't a sudden pivot — it's the conclusion of a deliberate, multi-year program to embed privacy into M-Pesa's architecture from the ground up.

  • 2020 — Pochi la Biashara launched with number masking built in from day one
  • 2021 — Internal staff data access restricted; front-line agents can see less customer data
  • 2022 — Phone number masking extended to M-Pesa account statements
  • 2023–2024 — API-level data minimization rolled out; partners now receive only the minimum data required to complete a service
  • 2026 — P2P and merchant transaction masking goes live — the biggest and most visible step yet

What This Means for Merchants and Developers

⚙️ Developer & Merchant Note

  • Transaction callbacks and C2B confirmations via the Daraja API will now return masked phone numbers — update your parsing logic to handle the 0722***712 format
  • Any workflow that matches incoming transactions against customer records using the full MSISDN from the SMS notification will break — migrate to transaction reference codes or your own stored customer data
  • Merchants relying on manual SMS-to-spreadsheet workflows should transition to the *334# USSD service or an integrated M-Pesa business application for dispute resolution
  • The consent-based 334 flow has a 24-hour window and a one-attempt cap — factor this into any customer support SLA or dispute resolution process
  • Phone normalization logic (e.g. stripping the 254 prefix) should be updated to accommodate the masked middle-digit pattern before further processing

Frequently Asked Questions

Does this affect PayBill and Till payments too?

Yes. The masking applies to peer-to-peer (Send Money), Till (Buy Goods), and PayBill transactions. Small and medium-sized merchants who were previously excluded from earlier API-level changes are now included in this rollout.

Will M-Pesa reversals still work?

Yes, completely. Reversals use the transaction reference code, not the sender's name or phone number. That process is entirely unaffected by this change.

What if the sender doesn't respond within 2 hours?

The request expires automatically. The sender's data is not shared, and the recipient is notified that the request has lapsed. You cannot make a second request for the same transaction.

Is this a legal or CBK requirement?

The Central Bank of Kenya approved the feature, but Safaricom has been clear that this was a company-initiated decision — driven by customer feedback and aligned with Kenya's Data Protection Act 2019, not mandated by a specific directive.

Does the sender know when someone has requested their full details?

Yes, always. The entire consent mechanism is built on the sender receiving an explicit prompt and choosing to approve or decline. No information is ever shared without the sender's active consent.

How many times can a recipient request the sender's details?

Only once per transaction. The request is also valid for 24 hours from the time of the transaction, not from the time the request is made.

The Bottom Line

Safaricom's data minimization rollout is not a minor configuration change. It is a structural shift in how one of the world's most widely used mobile money platforms thinks about personal data — from a default that shares everything, to one that shares only what is necessary.

For everyday M-Pesa users, the change is simple and protective: your number stays yours unless you choose to share it. For merchants and developers, there is adaptation required — but the tools exist to make the transition smooth.

As Sharon Holly, Safaricom's privacy lead, put it: "This is a step in a long journey." With 40 million customers and 37 million daily P2P transactions, getting privacy right at this scale matters — not just for Kenya, but as a blueprint for mobile money platforms across Africa and beyond.

Today, your M-Pesa number is yours again.

All figures sourced from Safaricom's official media briefing, March 18, 2026. Published March 24, 2026.

Tags

M-PesaSafaricomMobile MoneyKenya Tech