Safaricom has explained why customers receive Mpesa statements with phone numbers blurred out, after a user took to social media to question the usefulness of redacted records, especially since the statements are already password-protected.
The customer, Mercy Korir, posted on X on March 10, asking why Safaricom would mask phone numbers in a document that requires a unique access code, adding that banks send full statements without such redactions.
“What’s the point of sending me my MPESA statement with phone numbers redacted? How is it useful? The document is password-protected, with a unique code. Even banks don’t redact anything in the statements they send us,” asked Mercy Korir.
Safaricom Explains Reason for Redacted Details in M‑PESA Statements
Safaricom responded that hiding phone numbers is a legal requirement under data protection rules and part of its efforts to minimize the exposure of personal information, even in secured documents.
According to the organization, an SMS with a one-time password is automatically sent when a customer requests a statement, ensuring only the account owner can open it. The company apologized for any inconvenience caused and stressed that the redaction is meant to protect user data from unnecessary visibility.
Also Read: Safaricom Details How to Fix M-PESA App Transaction History Following Users Frustrations
The phone numbers are redacted in accordance with the data protection policy. Once you request a statement, an sms is sent with the password to enable you to access the statement. Apologies for the inconvenience,” responded Safaricom.
Safaricom also clarified that customers who need a full, unmasked version often for legal or verification purposes must visit a Safaricom Shop in person. They will be required to present identification and, in most cases, a Police Abstract before the complete statement can be issued.
Safaricom Cites Data Protection Laws as Users Demand Full Access to Their Own Records
Not all customers were satisfied with the explanations. They argued that if they can already see full numbers in real-time M-Pesa alerts, masking them in a statement “doesn’t feel consistent with the privacy logic.” Another user, Gee, questioned how they could be denied access to data they had generated, suggesting the policy was overly restrictive.
“How can I generate the data by myself, then you deny me access to the same data? Without me generating it, would it not exist? Unless you are covering up for rogue employees who steal this data, there is no reason to deny me the same data I generated,” Gee argued.
Also Read: Safaricom Adds M-PESA Feature Allowing Users to Buy and Sell NSE Shares Directly
Safaricom responded to such concerns by reaffirming that masking acts as a protective layer “to guard against rogue access” and that full information is available through the proper verification process at retail shops.
“Gee, we hear you. Unfortunately, we mask the statement as a shield under the Data Protection Act to keep it safe from ‘rogue’ access. You can get the full, unmasked version by visiting any Safaricom Shop with a Police OB and your original ID,” clarified Safaricom.
Another concerned user, Suleiman Gatheru, also questioned the policy, saying it did not make sense since full numbers still appear during normal transactions. He argued:
“You say it’s about data privacy, yet when I send or receive money, I get the recipient’s phone number. Where is data privacy there? Again, it’s a statement only intended for the user since he requested it and it’s encrypted.”
Follow our WhatsApp Channel and X Account for real-time news updates.





