M-PESA to stop sharing full phone numbers with merchants, banks by end of 2026

Safaricom, Kenya's telecommunications behemoth, is implementing a significant privacy architecture upgrade across its M-PESA platform—Africa's most successful mobile money service—by the end of 2026. The initiative will prevent merchants and financial institutions from accessing customers' complete phone numbers during transactions, marking a watershed moment in data minimization practices across the continent's financial infrastructure. This development arrives at a critical juncture for African fintech regulation. While Europe has long operated under stringent data protection frameworks like GDPR, most African markets have lacked comparable consumer privacy safeguards. M-PESA's move signals a maturation of regulatory thinking in East Africa and positions Kenya as a privacy-conscious hub for digital finance—a distinction increasingly valuable in attracting institutional capital. **The Business Imperative Behind Privacy** M-PESA's decision reflects both regulatory pressure and competitive positioning. Kenya's Data Protection Act (2019) has gradually tightened compliance requirements, while regional bodies like the East African Community have signaled stronger data governance priorities. However, Safaricom's timing suggests a strategic calculation: privacy protection enhances customer trust and reduces operational risk exposure from data breaches—a growing concern for the platform's 55+ million users. The merchant and banking ecosystem has historically leveraged full phone number visibility for customer profiling, cross-selling, and credit assessment. Restricting this