Kenyan telco giant Safaricom PLC recently stated that it does not reveal some M-Pesa transaction details in the event of theft.
This occurred after an upset customer, who had been robbed, complained that money from her M-Pesa wallet was transferred to unknown numbers. However, when she requested her M-Pesa statements from Safaricom, she was unable to view the numbers where the money had been sent.
“She requested at a Safaricom shop and they gave her the statement in which some of the names were blurred . Especially the transactions that were made at that particular day. Explain to me why you would do that?!” the sister to the victim posed to Safaricom on X.
Defending the move, the telco noted that it adheres to a data privacy policy, which withholds the information from being shared with the robbery victim to limit the sharing of personal data without proper authorization or legal procedures.
The data privacy policy is a regulation pegged in the Data Protection Act of Parliament, which regulates how personal data is collected, stored, and processed by both public and private entities to ensure privacy and protect individuals’ rights.
One of its provisions is the regulation on the processing of personal data, ensuring it is done lawfully, transparently, and for specific, legitimate purposes.
In order to observe the data privacy regulations, Safaricom does not share M-Pesa statements that show all transaction information. This information may include three digits of the mobile number receiving money from the sender.
“Unfortunately, we do not disclose all the information on an M-Pesa statement. We usually mask part of the mobile number digits as per the Data Privacy Act,” said Safaricom.
Safaricom’s data privacy policy states that any sharing of personal data will comply with relevant laws and regulations.
The robbery victim can seek access to that information by obtaining legal authorization.
Safaricom will then provide the information to law enforcement agencies, regulatory authorities, Safaricom partners, fraud prevention units, credit reference bureaus, and emergency service providers, among others.
Safaricom can also disclose the information to restricted government databases for identity verification purposes to ensure compliance with regulatory requirements.
“If through a court order, the party requests for data to aid investigations, we will be in a position to disclose the information,” Safaricom assured.
Therefore, one should promptly report the theft to the nearest police station to initiate the process of obtaining the data with legal assistance.
Meanwhile, to prevent losing money if your M-Pesa SIM is stolen, Safaricom provides a USSD code that allows users to whitelist their mobile phone numbers. By dialing *100*100#, you can lock your number, preventing it from being replaced at any agent shop without your knowledge.
This code also helps in cases of SIM swap fraud by blocking access to your M-Pesa wallet and protecting your funds.