Back in January of 2020, I had an article on the M-Pesa privacy problems I felt Safaricom needed to address. There is so much personal data we leave at businesses, and with other people, whenever we send them money when paying for goods or services. And that data can be used and abused in so many ways. We’ve already seen weird text messages, people get registered into political parties they don’t know of, people getting scammed by conmen who know their full names, and much more. These incidences happen because of the information these people can access from all the data that’s lying around. And that data can be sought from many places including your M-Pesa details.
Since last year January, a huge number of Kenyans have moved to using M-Pesa as their main way of transacting. One can argue that that’s all thanks to the pandemic.
Way more businesses now have Lipa na M-Pesa till numbers, and PayBill numbers. Safaricom even introduced Pochi La Biashara for small businesses. That has meant you’re leaving your full names and phone numbers at many more businesses than ever before.
With the introduction of Pochi La Biashara last year at the end of October, a new feature that debuted with that product was centred around privacy. The business owners would not receive your phone number once you made your payment. This way, the business owner would not be able to call you back, or text you, or any other shenanigans we’ve seen over the past few years where people get harassed because they paid using M-Pesa leaving the other party with your name and phone number.
I argued that while the Pochi La Biashara move was welcome, it wasn’t enough. We needed more done across the board.
Well, today, the Business Daily reports that Safaricom will now hide the identity of Lipa na M-Pesa users. Which is a huge shift, and hopefully, an indication of more to come.
This will be done in a simple way: the business you pay will only see the first and the last digits of your phone number. The middle digits will be blocked. Meaning whoever handles the data won’t be able to know your exact phone number once you’ve paid. Which is a reprieve for many.
I think they will however still be able to know your name. For me, that’s still quite an issue.
Last week, a report from Ernst & Young revealed that 41% of firms transferred their clients’ data to third-party service providers with 53% of these not getting the approval of their customers before sharing the data. This is in direct violation of the law that restricts the handling and sharing of personal data firms and government entities obtain.
We still have a lot to do as a country on matters of privacy. Kenya is among the top countries that receive the highest spam messages. And these are all as a result of how personal data is handled.
While it is unclear when the new M-Pesa feature rolls out, now that the information is in the public, I hope it happens soonest. And I hope Safaricom doesn’t stop there. There’s so much more data that their M-Pesa service has exposed to people out there.
With your phone number, anyone can know your full names thanks to Hakikisha. This is a feature that allows you to see the details of whoever you’re sending money to before you actually send them the money. The feature allows you to cancel that transaction before it happens, but by then you already know the other party’s full names. In that January 2020 article, I talked about how the said feature removed the need for apps like Truecaller.
With your phone number, and your National Identity number (which is still asked by M-Pesa agents), there’s so much a bad player can do. Safaricom needs to find ways of ensuring that these essential parts of M-Pesa including sending money, withdrawals and deposits, aren’t avenues for scammers to get people’s personal details.
Let’s hope this new move with Lipa na M-Pesa is just the beginning of making the mobile money platform more private.