
While Safaricom’s push to mask phone numbers in everyday M-PESA transactions is a net positive for privacy, its strict interpretation of the Data Protection Act is creating an absolute nightmare for users trying to access their own financial records.
If you request your M-PESA statement today, you might be in for a shock: the phone numbers of the people you transacted with are entirely redacted.
This issue was brought to light on X (formerly Twitter) last year and recently resurfaced through Dr. Mercy Korir, who rightfully questioned the utility of a redacted statement. After all, the document is sent to your registered email, requested from your phone, and is secured with a unique password.
When users reach out to Safaricom Customer Care asking why their own statements are censored, the response is baffling. The telco claims the masking is necessary for compliance with the Data Protection Act.
But here is where it goes from mildly annoying to downright absurd. To get an unmasked version of your own M-PESA statement, Safaricom Care states you must:
- Go to a police station and get a Police OB (Occurrence Book) number stating your reasons.
- Take that OB number and your Original ID to a physical Safaricom Retail Shop.
- Request an abstract to facilitate the unblurring process.
See, I understand Safaricom’s fear of running afoul of the Data Protection Commissioner. Corporate fines are heavy, and safeguarding customer data is paramount.
However, this policy completely defeats the purpose of a financial statement. If you are a freelancer trying to reconcile payments or an individual tracking personal debts, a list of transactions with masked numbers is virtually useless. Banks handle vastly more sensitive data than just phone numbers, yet they do not redact account numbers or names on the personal statements they send you.
Redacting the phone numbers of people you sent money to, from a statement requested by you, feels less like security and more like a bureaucratic misinterpretation of the law. Forcing a customer to waste police resources for an OB number just to see who they sent KES 1,000 to last week is an embarrassing UX failure.
Safaricom needs to find a middle ground. Secure the messages, yes, but once the user has authenticated themselves via their PIN and password, the data inside the statement should be theirs to view in full.



