[kictanet] MPESA 'Hakikisha' Privacy Issues

Nick Ngatia nthawz at gmail.com
Wed Jan 22 22:18:45 EAT 2020


In 2020, Safaricom should do something about the data privacy concerns
raised in various fora.

I think one of the most controversial features that was introduced in 2019
was Hakikisha. Touted as a way to reduce money sent to the wrong
recipients, it has become a major headache for those who are
conscious about privacy of personal data. It is a good thing that you can
only 'hakikisha' upto 5 times per day. However, this limit does not seem to
work on mySafaricom app.

The basic argument is that just because I need to send you money, you don't
have to know my full names as they appear on ID. Secondly, this service has
been abused by fraudsters multiple times to access personal data that they
should otherwise have not access to. The lack of a limit on MySafaricom App
means that a fraudster can guess random Safaricom numbers and get their
full names as they appear on ID many many times in a day.  The problem is
that Safaricom does not seem to do anything about all the concerns raised
from different quarters about the Hakikisha feature.

One viable recommendation has been to give each MPESA user a unique
'SafaricomID'. This ID, whether numeric or alphanumeric, *should be
displayed* when sending or receiving money via MPESA. In the Safaricom
registry, this ID should mirror all the users legal data and can be easily
accessed by an authorized person if an
issue/crime/money-sent-to-the-wrong-person-case comes up. This simple
action will cut down the fraudsters who propagate their business via mobile
money by at least half.

If you look at it deeply, I think it is your problem if you are not
diligent enough and send money to a wrong number. You simply tell MPESA
what to do just like you fill a transaction advice at a bank. You can't
blame the teller if you missed a digit when writing the account number and
the money ended in the wrong account.

Your phone number has now become a virtual nametag which you wear waiting
for whoever cares, even strangers, to read your full names. I think this
should stop in 2020!

*And btw, anyone has a case study of the much hyped data protection law
being implemented?*
--------------------------------

*Nick Ngatia*
Email <nick.ngatia at childrenyouth.org> *|* Facebook
<http://www.facebook.com/niccoswagg1> *|* *Twitter
<http://www.twitter.com/nickngatia> **| LinkedIn
<https://www.linkedin.com/in/nick-ngatia-a6b06a7b?trk=nav_responsive_tab_profile_pic>
*
*Skype:* *nick.ngatia** |* *Phone:* *+25**4 (0) 711 42 2015*

*"Development Towards Sustainability is far too more important to leave it
to chance."*
---------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20200122/e7f91933/attachment.htm>


More information about the KICTANet mailing list