Safaricom Will Hide Your Name and Phone Number When You Send M-Pesa—Everything Explained!

If you have ever received or completed an M-Pesa payment and immediately started getting unsolicited calls or messages, you already understand the problem Safaricom is finally solving. Starting March 24th, your phone number will no longer be fully visible when you send someone money on M-Pesa — and it has taken six years to get here.

What Is Changing

The update is simple but long overdue. Today, when someone sends you money, your M-Pesa confirmation SMS shows the sender’s full phone number and three names — for example, Otieno Juma Kamau sent you KES 500 from 0712 345 678. From March 24th, that same message will show a masked number — 0712***678 — and the first and last name: Otieno Kamau. (And no, you won’t be able to choose which names are hidden and which ones are shown.)

The amount, transaction ID, date, and time all remain exactly as they are. Only the personally identifiable details — the full name and full phone number — are being trimmed.

This applies to all M-Pesa P2P Send Money transactions. To put that in perspective: M-Pesa processes 37 million peer-to-peer transactions every single day, across 14.1 million daily active customers, moving a combined KSh 27 billion in daily value. That is how many phone numbers have been silently exchanged — without consent — through SMS inboxes every day, for years.

What If You Need to Know Who Paid You?

Safaricom has thought about this. If you receive a payment and genuinely need to verify the sender’s identity, you forward the transaction SMS to 334.

Here is how it works:

  1. You send the transaction message to 334
  2. The sender receives an SMS asking if they want to share their full name and number with you
  3. If they agree, you get their complete details via SMS
  4. If they decline, you get a notification informing you of their decision

One request per transaction, valid for 24 hours. The default is privacy. Disclosure is a choice the sender makes — not something that happens automatically the moment they pay you.
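
The masking rule and the 334 consent flow described above, modelled as an added example (not Safaricom's code). The DisclosureBroker class, its method names, the transaction IDs and the reading of "valid for 24 hours" as an expiry window on the request are assumptions made for illustration.

```python
import time

WINDOW = 24 * 3600  # assumption: a request lapses 24 hours after it is made

def mask_msisdn(msisdn):
    """0712 345 678 -> 0712***678 (national format assumed)."""
    d = "".join(c for c in msisdn if c.isdigit())
    if len(d) <= 7:          # too short to mask without showing every digit
        return "***"
    return d[:4] + "***" + d[-3:]

def mask_name(full_name):
    """Keep the first and last name only; middle names are dropped."""
    parts = full_name.split()
    return parts[0] if len(parts) < 2 else f"{parts[0]} {parts[-1]}"

class DisclosureBroker:
    """Hypothetical model of the 334 flow: private by default, sender decides."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.tx = {}        # tx_id -> (sender_name, sender_msisdn, recipient)
        self.requests = {}  # tx_id -> [requested_at, state]

    def record(self, tx_id, name, msisdn, recipient):
        self.tx[tx_id] = (name, msisdn, recipient)
        return f"{mask_name(name)} {mask_msisdn(msisdn)}"  # what the SMS shows

    def request(self, tx_id, requester):
        if tx_id not in self.tx or self.tx[tx_id][2] != requester:
            return "rejected"   # only the payee of this transaction may ask
        if tx_id in self.requests:
            return "rejected"   # one request per transaction
        self.requests[tx_id] = [self.clock(), "pending"]
        return "pending"

    def respond(self, tx_id, agree):
        req = self.requests.get(tx_id)
        if req is None or req[1] != "pending":
            return "no pending request"
        if self.clock() - req[0] > WINDOW:
            req[1] = "expired"  # a late answer discloses nothing
            return "expired"
        req[1] = "shared" if agree else "declined"
        name, msisdn, _ = self.tx[tx_id]
        return f"{name} {msisdn}" if agree else "sender declined"
```

The properties worth checking in any such design are the ones the model enforces: full details leave the backend only on an explicit yes from the sender, and a repeated, third-party or expired request yields nothing.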

How We Got Here: A Six-Year Story

This did not happen overnight, and frankly, it should not have taken this long. Safaricom has been quietly building toward this moment since 2020.

  • 2020 — Pochi la Biashara launched with data minimization built in from day one
  • 2021 — Talk of Lipa na M-Pesa masking started; meanwhile, internal Safaricom staff access to customer data was restricted
  • 2022 — M-Pesa statements were updated to minimize exposed data
  • 2023/2024 — Buy Goods and Paybill APIs updated for large organizations on the C2B APIs
  • March 2026 — Buy Goods and Paybill SMS notifications for SMEs, and now, full P2P Send Money masking

I Called This Four Years Ago

I have been writing about this problem since January 2020, when I first raised the alarm about how M-Pesa’s default behavior of broadcasting your phone number with every transaction was a privacy risk hiding in plain sight. Nobody was talking about it then.

Later that year, I wrote about Pochi la Biashara as the first real sign that Safaricom understood the problem. Pochi was built for small business owners and individuals receiving payments — a mama mboga, a freelancer, a hawker — and it launched with the personal numbers protected by default. It was quiet, but it was deliberate. Safaricom knew exactly what they were doing.

By July 2021, I was writing about the broader privacy fixes starting to be tested and appear across the platform. The direction was clear, even if the pace has been slow.

Then in February 2022, I argued explicitly that Safaricom should introduce anonymous M-Pesa transactions — where no personal details are shared during a payment at all. It felt ambitious at the time. Three months later, I reported that Safaricom had begun testing phone number masking.

Now it’s 2026 and it’s going live across the entire P2P network. I’ll take it.

The Gaps That Still Exist

Let’s be clear about what this update does not cover — because the privacy gap does not disappear on March 24th, it just gets smaller.

Bank-to-M-Pesa transfers remain unmasked on the sending bank’s end. When someone sends from their Equity, KCB, or Co-op mobile banking app, what gets displayed in the notification depends on what that bank chooses to implement — not Safaricom.

Inter-network transfers — sending from M-Pesa to Airtel Money, T-Kash, or Equitel — involve a handoff between separate operators. What Safaricom masks on its side does not automatically carry through to the notification the recipient sees on another network.

Business transactions outside the current SME scope, including large enterprise integrations not yet updated, are also still in the queue.

The CBK’s approval of phone number masking for Lipa na M-Pesa Till and Paybill earlier this month, and Safaricom’s rapid rollout of that change, shows the regulator is willing to push these changes through. But until the CBK mandates industry-wide standards — covering every bank, every network, every integration — privacy will remain a patchwork.

The Bigger Picture

M-Pesa P2P transactions are initiated by phone number — you type in the recipient’s number to send money. So when the recipient gets a masked notification of your number, the masking isn’t protecting your number from the person you’re paying — they don’t have it. It’s protecting your number from being passively captured in their SMS inbox, screenshotted, forwarded, or scraped.

But that raises a deeper question: is this a stepping stone toward M-Pesa eventually decoupling transactions from phone numbers entirely? When I asked this question at the media immersion, Safaricom was quick to say NO.

But think about how bank cards work. Your card number is what’s masked in receipts — ****1234 — but the card is just a visible alias. Your real account number never appears during a transaction. The card takes the exposure risk; the account stays buried in the backend.

Could M-Pesa evolve the same way — where a transaction alias or ID is what gets exchanged between parties, while your actual phone number stays in the backend and never surfaces at all? That would be a fundamental architectural shift. M-Pesa’s entire identity layer is built on the SIM card. Detaching transactions from phone numbers would require reimagining how users are identified, verified, and looked up across the ecosystem.

But look at the trajectory. Pochi la Biashara in 2020. Number masking tests in 2022. Full P2P rollout in 2026. Safaricom now requiring a police OB to access your full M-Pesa statement. Every step is moving in the same direction: away from your phone number being a public-facing identifier, and toward it being a private backend credential.

March 24th is a milestone. But the version of M-Pesa where a transaction never involuntarily leaks your personal information — the one I argued for in 2022 — I believe is still being built.

Dickson Otieno

I love reading emails when bored. I am joking. But do send them to editor@tech-ish.com.
