Safaricom is rolling out a new M-Pesa privacy update that hides part of a sender’s phone number in transaction messages, starting on March 24, 2026. The idea is simple: give customers more privacy while still keeping payments easy to verify. In practice, recipients will still see the sender’s name and transaction details, but the full mobile number will no longer be exposed in the SMS alert.
Key Takeaways
- M-Pesa transaction alerts will no longer show full phone numbers by default.
- The rollout begins on March 24, 2026.
- Recipients will still see the sender’s name, amount, date, and reference details.
- A consent-based lookup system through short code 334 will be available when full details are needed.
- Safaricom says the change is meant to reduce fraud, spam, and unwanted contact.
- The update builds on earlier privacy changes across Pochi la Biashara, statements, and integrated merchant systems.}
For many people, this is a welcome shift. Phone numbers are personal information, and once they appear in every payment message, they can be copied, stored, or misused very quickly. Safaricom says the update is designed to reduce exposure to fraud, social engineering, unsolicited messages, and other forms of misuse. Business Daily also reported that the move follows approval from the Central Bank of Kenya.
The new format is straightforward. Instead of showing the full number, M-Pesa will display only part of it, such as 0722***000. The sender’s first and last names will still appear, while the rest of the transaction details remain unchanged. That means the payment itself works the same way; only the amount of personal data shared in the message changes.
There is also a built-in way to handle cases where a recipient needs more detail. If someone really needs to confirm who sent the money, they can forward the message to 334. That triggers a request to the sender, who can approve or decline sharing their full name and number. Safaricom says the request is valid for 24 hours, and the sender has two hours to respond.
That consent step matters because it changes the default balance of power. Instead of a phone number being automatically visible to anyone receiving money, the sender now decides whether to share more. For ordinary users, that is a cleaner privacy model. For merchants and traders, it may take some adjustment, especially in situations where staff have relied on full SMS details to resolve payment disputes. Techweez noted that this could create a verification gap in some cases, particularly when businesses want to cross-check a customer’s identity after an issue.
The bigger picture is that this is not a random one-off change. Safaricom has been moving in this direction for years, starting with privacy controls in Pochi la Biashara and later extending masking to staff access, statements, and API-based merchant integrations. With M-Pesa processing millions of daily person-to-person transactions, the privacy stakes are high, and the company appears to be tightening controls across the entire ecosystem.
For users, the practical takeaway is reassuring: your money still moves as usual, but your phone number is less exposed. For businesses, the lesson is to rely more on official M-Pesa verification tools and less on asking customers to show screenshots or messages. That may feel like a small change, but in a system as widely used as M-Pesa, small changes can have a big effect.
