It has become increasingly common for shops and restaurants in Kenya to ask customers to show their M-Pesa confirmation messages as proof of payment. While many comply without question, data protection experts caution that this practice is unnecessary and can put personal information at risk.
M-Pesa confirmation messages contain more than just proof of payment—they include your full name, phone number, transaction code, payment amount, and sometimes even your account balance.
Displaying this information publicly could expose you to identity theft, fraud, or other misuse, even after the transaction is complete.
Under Kenya’s data protection laws, this information belongs to the individual. Businesses cannot collect or retain it unless there is a valid legal reason.
Asking customers to show their messages, especially in public view, is equivalent to accessing personal data without consent.
Checking Payment Without Your Message
For businesses, seeing your M-Pesa message is not necessary to confirm payment.
Merchants receive their own confirmation through paybill or till systems, which include all details needed—such as transaction code and amount—to verify payment.
If there’s a delay, businesses are expected to check their system rather than pressuring customers for private information.
Experts advise customers to be cautious. If asked to display your M-Pesa message, you can politely refuse and request that the business check their own records. If you must provide information, reading out the transaction code alone is sufficient.
Privacy Builds Trust
For businesses, respecting customer privacy fosters trust. Training staff on digital payment systems and data protection policies ensures that personal information is not unnecessarily exposed.
As digital transactions continue to rise in Kenya, both businesses and customers must be vigilant about safeguarding personal data. Convenience should never come at the expense of privacy.
Tags
Technology