- This is akin to the model banks use when sending account numbers to avoid disclosing details of their clients, and Safaricom is adopting the model in line with the data protection law.
- At present, people paying for goods and services leave their numbers and names with thousands of merchants.
- With access to consumers’ phone numbers and buying habits, the merchants use the personal information to send unsolicited advertising through text messages.
Safaricom #ticker:SCOM will at the end of June start blocking customer contact details when making payments through Lipa na M-Pesa to curb personal information being traded to advertisers or leaking to fraudsters.
The telco will only display the first name of subscribers making payments through the platform and a few digits of their phone number, effectively hiding the contact of the customer.
This is akin to the model banks use when sending account numbers to avoid disclosing details of their clients, and Safaricom is adopting the model in line with the data protection law, which was enacted in 2019 to protect privacy.
“At the end of June, phone numbers and full names of subscribers making transactions will no longer be relayed to partners,” Safaricom told merchants in correspondence seen by Business Daily.
“Only the first name will be passed along and the phone number of the subscriber making the transaction will be masked (obfuscated). For example, if a person named John Doe with a phone number +254(redacted) makes a payment the only data that will be passed along is [John, +2547XXXXX654].”
At present, people paying for goods and services leave their numbers and names with thousands of merchants.
With access to consumers’ phone numbers and buying habits, the merchants use the personal information to send unsolicited advertising through text messages.
The information can also be sold to third parties without consent in breach of the data protection law. The data protection law sets out restrictions on how personally identifiable data obtained by firms and government entities can be handled, stored and shared.
“Pursuant to the Data Protection Act 2019 which came into law on 25th November 2019, Safaricom will be changing how they share data with Lipa Na M-Pesa Partners in general,” said Safaricom.
“Safaricom and its partners are required to take action to minimise the use and transfer of sensitive data such as names and phone numbers during the processing of transactions.”
Safaricom's move to curb use of clients’ data by third parties comes amid revelations that more than a fifth of Kenyan companies shared customers’ financial and personal information without consent.
A survey by consultancy Ernst & Young (EY) shows that 41 percent of firms transferred client data to third-party service providers. More than half or 53 percent of these companies or 21.7 percent of firms captured in the EY survey did not seek the approval of their customers.
This violates the law that restricts the handling and sharing of personal data firms and government entities obtain.
Individuals in breach risk a maximum fine of Sh3 million or 10 years in jail, while firms risk a fine of up to Sh5 million or one percent of annual turnover.
The personal information was mainly shared for analysis, processing transactions, sending SMS alerts or to advertisers.
Some firms passed client data to partners in business, while others gave information to law enforcement officers for investigations.
The EY survey said there were also instances of selling the data to vendors. Sharing of client information to third parties has led to unregulated text messages, unsolicited emails or notifications of services and products such as insurance policies.
Individuals also risk having their identities cloned, exposing customers to financial fraud.
Data has been described as the “new oil” and brokers play a huge role in extracting value from personal information in all its forms. They collect it from various sources, including census information, surveys, public records and loyalty card programmes. They then sell the data.
Kenya ranks third among countries that receive the most spam messages, averaging 102 per month per subscriber, according to data from Truecaller, the Stockholm-based caller identification app.
Merchant payments through M-Pesa have grown, especially during Covid-19 as consumers increasingly make cashless transactions to avoid contracting the highly infectious virus.
Lipa na M-Pesa was launched in June 2013 and has aggressively recruited merchants across the country, including large and small businesses such as fuel stations, supermarkets, corner shops and eateries.
This has seen it overtake the card payments — run by banks and their global payments technology partners such as Visa and Mastercard — that have largely focused on serving formal retailers. Active Lipa na M-Pesa merchants grew by 72.8 percent to 387,000, highlighting the impact of increased preference for cashless transactions.
Safaricom’s till and pay-bill service have risen to take an 85.8 percent market share of non-cash payments for ordinary goods and services, underlining the entrenchment of the mobile money platform in everyday transactions.
For merchants, the use of cashless payments has the benefit of reducing revenue leakages besides eliminating the risks and costs of handling notes and coins.
Cashless payments are expected to grow in the coming years, partly due to increased digitisation and lowering of fees by payment service providers.
Kenya, however, still relies heavily on hard cash through which more than 90 percent of transactions are settled.
Lipa na M-Pesa is part of the expansion of the mobile money platform into an ecosystem offering payments, cash transfers, credit, insurance, savings and investment services.