How Safaricom’s new M-PESA masked phone number feature will work

Safaricom, East Africa's dominant telecommunications operator, is implementing a significant privacy enhancement to its M-PESA mobile money platform—masking phone numbers in transaction confirmation messages. This seemingly technical adjustment represents a critical evolution in how African fintech addresses one of the continent's most persistent security vulnerabilities: social engineering fraud targeting payment system users. The mechanism behind this innovation is straightforward but effective. When users previously received M-PESA transaction confirmations, the full phone numbers of senders or recipients appeared in the SMS notification. Sophisticated criminal networks have systematized the exploitation of this information, harvesting phone numbers from confirmation messages and subsequently contacting users while impersonating Safaricom customer service representatives, legitimate businesses, or even the transaction initiators themselves. These fraudsters then convince victims to divulge PIN codes, authorization credentials, or transfer additional funds under false pretenses. For context, Safaricom operates in a market where mobile money penetration has reached extraordinary levels. M-PESA alone processes billions of dollars annually across Kenya, Tanzania, and other markets where Safaricom operates. This scale creates both tremendous economic opportunity and proportional security challenges. The platform's accessibility to users with limited digital literacy has made it an attractive target for increasingly sophisticated fraud operations. The masked phone number feature