Safaricom M-Pesa Privacy Problems are finally being fixed!


This week, as Safaricom marked 20 years in the business, they introduced something new called “Pochi la Biashara“. The idea targets micro/small businesses where one can have two wallets under the same M-Pesa account to help them differentiate between personal and business transactions.

Unlike Pay bills and Till numbers, which are special numbers Safaricom gives businesses to help customers quickly pay for goods/services, with Pochi la Biashara the personal phone number is what will be used. That’s already how many of such businesses operate.

When you go to a kiosk or the market, or you use a bodaboda, you often send M-Pesa to their phone number directly. The difference now is that you will be sending money directly to their business wallet, not their personal M-Pesa account.

And the good thing is this: Safaricom won’t share your phone number with them in what the company describes as a move to protect the privacy of both the customer and the business owner.

This is the first time we are seeing this sort of privacy-first approach on the M-Pesa platform. Because with all other M-Pesa features, as I listed in the article back in January, you often leave so many personal details with unknown parties in very many different use cases. This is data unknown parties can use or abuse in unknown ways including full-on identity theft.

While it’s unclear whether Pochi la Biashara will pick up – especially since the feature currently requires dialing *334# rather than using the more secure SIM Toolkit or mySafaricom app – we can speculate that these privacy-first solutions will soon make their way to more M-Pesa features like Paybills, Till numbers, and even personal transactions with unknown individuals.

I have yet to encounter a small company owner who has signed up for Pochi la Biashara to observe the transactions. Is it true that Safaricom simply hides the phone number? Or are names also kept a secret? Do I get to view the company name or the business owner’s personal information? How do the owners conclude that transaction reversals are acceptable? Is it dependable, and can it be applied to all transactions?

What I’m hoping for is a time when an M-Pesa transaction won’t require me to give up all of my personal information, such as my name and phone number. Because of features like Hakikisha, knowing someone’s phone number no longer entails seeing their personal information. There will come a time when the extremely unique transaction reference code will sufficient.