[kictanet] MPESA 'Hakikisha' Privacy Issues

Arya Jeipea Karijo johnpaulem at gmail.com
Thu Jan 23 19:16:25 EAT 2020


Hi Ali,

Absolutely true, Opt In not Opt Out is best practice - but as Twahir says
the fine print.

Most Kenyans don't even know Hakikisha is a service they were "opted in to"
they just know "Safaricom improved services so that they won't send money
to a wrong person" - but who knows maybe with Simple | Transparent | Honest
- they might become better than other corporates at explaining fine print.

With kind regards


Jeipea

Believe in yourself then you can change your world

____________________________________________
Skype: john.paul.em
Cell: +254735586956


On Thu, Jan 23, 2020 at 6:20 PM Ali Hussein <ali at hussein.me.ke> wrote:

> Arya
>
> The new Permission Marketing best practice is opt-in, NOT opt-out.
>
> Regards
>
> *Ali Hussein*
>
>
> Tel: +254 713 601113
>
> Twitter: @AliHKassim
>
> Skype: abu-jomo
>
> LinkedIn: http://ke.linkedin.com/in/alihkassim
> <http://ke.linkedin.com/in/alihkassim>
>
>
>
>
> Any information of a personal nature expressed in this email are purely
> mine and do not necessarily reflect the official positions of the
> organizations that I work with.
>
>
> On Thu, Jan 23, 2020 at 4:10 PM Arya Jeipea Karijo via kictanet <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> I think they will argue that they have provided options for opting out.
>> But the thing is you have to go looking for it... it is not in your face.
>>
>> But as I have said before - the threshold of compliance with data
>> protection and also in getting users to read "software license agreements"
>> should be as high as the same level companies use to market their products.
>>
>> That means if a company can go all out with a video to advertise their
>> service... then the "Software license agreement" should be a fancy video...
>> "think of it a little bit like the little ones they have on the flights
>> telling you about safety" - in extreme case scenario the sales person
>> should "educate" the user into what they are signing up for.
>>
>>
>> With kind regards
>>
>>
>> Jeipea
>>
>> Believe in yourself then you can change your world
>>
>> ____________________________________________
>> Skype: john.paul.em
>> Cell: +254735586956
>>
>>
>> On Thu, Jan 23, 2020 at 12:00 AM Nick Ngatia via kictanet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>>> In 2020, Safaricom should do something about the data privacy concerns
>>> raised in various fora.
>>>
>>> I think one of the most controversial features that was introduced in
>>> 2019 was Hakikisha. Touted as a way to reduce money sent to the wrong
>>> recipients, it has become a major headache for those who are
>>> conscious about privacy of personal data. It is a good thing that you can
>>> only 'hakikisha' upto 5 times per day. However, this limit does not seem to
>>> work on mySafaricom app.
>>>
>>> The basic argument is that just because I need to send you money, you
>>> don't have to know my full names as they appear on ID. Secondly, this
>>> service has been abused by fraudsters multiple times to access personal
>>> data that they should otherwise have not access to. The lack of a limit on
>>> MySafaricom App means that a fraudster can guess random Safaricom numbers
>>> and get their full names as they appear on ID many many times in a day.
>>> The problem is that Safaricom does not seem to do anything about all the
>>> concerns raised from different quarters about the Hakikisha feature.
>>>
>>> One viable recommendation has been to give each MPESA user a unique
>>> 'SafaricomID'. This ID, whether numeric or alphanumeric, *should be
>>> displayed* when sending or receiving money via MPESA. In the Safaricom
>>> registry, this ID should mirror all the users legal data and can be easily
>>> accessed by an authorized person if an
>>> issue/crime/money-sent-to-the-wrong-person-case comes up. This simple
>>> action will cut down the fraudsters who propagate their business via mobile
>>> money by at least half.
>>>
>>> If you look at it deeply, I think it is your problem if you are not
>>> diligent enough and send money to a wrong number. You simply tell MPESA
>>> what to do just like you fill a transaction advice at a bank. You can't
>>> blame the teller if you missed a digit when writing the account number and
>>> the money ended in the wrong account.
>>>
>>> Your phone number has now become a virtual nametag which you wear
>>> waiting for whoever cares, even strangers, to read your full names. I think
>>> this should stop in 2020!
>>>
>>> *And btw, anyone has a case study of the much hyped data protection law
>>> being implemented?*
>>> --------------------------------
>>>
>>> *Nick Ngatia*
>>> Email <nick.ngatia at childrenyouth.org> *|* Facebook
>>> <http://www.facebook.com/niccoswagg1> *|* *Twitter
>>> <http://www.twitter.com/nickngatia> **| LinkedIn
>>> <https://www.linkedin.com/in/nick-ngatia-a6b06a7b?trk=nav_responsive_tab_profile_pic> *
>>> *Skype:* *nick.ngatia** |* *Phone:* *+25**4 (0) 711 42 2015*
>>>
>>> *"Development Towards Sustainability is far too more important to leave
>>> it to chance."*
>>> ---------------------------------
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke
>>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>> Twitter: http://twitter.com/kictanet
>>> Facebook: https://www.facebook.com/KICTANet/
>>>
>>> Unsubscribe or change your options at
>>> https://lists.kictanet.or.ke/mailman/options/kictanet/johnpaulem%40gmail.com
>>>
>>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>>> for people and institutions interested and involved in ICT policy and
>>> regulation. The network aims to act as a catalyst for reform in the ICT
>>> sector in support of the national aim of ICT enabled growth and development.
>>>
>>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>>> online that you follow in real life: respect people's times and bandwidth,
>>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>>> not spam, do not market your wares or qualifications.
>>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>> Twitter: http://twitter.com/kictanet
>> Facebook: https://www.facebook.com/KICTANet/
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/info%40alyhussein.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20200123/55e7255d/attachment.htm>


More information about the KICTANet mailing list