[kictanet] MPESA 'Hakikisha' Privacy Issues

Arya Jeipea Karijo johnpaulem at gmail.com
Thu Jan 23 08:40:12 EAT 2020 

I think they will argue that they have provided options for opting out.
But the thing is you have to go looking for it... it is not in your face.

But as I have said before - the threshold of compliance with data
protection and also in getting users to read "software license agreements"
should be as high as the same level companies use to market their products.

That means if a company can go all out with a video to advertise their
service... then the "Software license agreement" should be a fancy video...
"think of it a little bit like the little ones they have on the flights
telling you about safety" - in extreme case scenario the sales person
should "educate" the user into what they are signing up for.


With kind regards


Jeipea

Believe in yourself then you can change your world

____________________________________________
Skype: john.paul.em
Cell: +254735586956


On Thu, Jan 23, 2020 at 12:00 AM Nick Ngatia via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> In 2020, Safaricom should do something about the data privacy concerns
> raised in various fora.
>
> I think one of the most controversial features that was introduced in 2019
> was Hakikisha. Touted as a way to reduce money sent to the wrong
> recipients, it has become a major headache for those who are
> conscious about privacy of personal data. It is a good thing that you can
> only 'hakikisha' upto 5 times per day. However, this limit does not seem to
> work on mySafaricom app.
>
> The basic argument is that just because I need to send you money, you
> don't have to know my full names as they appear on ID. Secondly, this
> service has been abused by fraudsters multiple times to access personal
> data that they should otherwise have not access to. The lack of a limit on
> MySafaricom App means that a fraudster can guess random Safaricom numbers
> and get their full names as they appear on ID many many times in a day.
> The problem is that Safaricom does not seem to do anything about all the
> concerns raised from different quarters about the Hakikisha feature.
>
> One viable recommendation has been to give each MPESA user a unique
> 'SafaricomID'. This ID, whether numeric or alphanumeric, *should be
> displayed* when sending or receiving money via MPESA. In the Safaricom
> registry, this ID should mirror all the users legal data and can be easily
> accessed by an authorized person if an
> issue/crime/money-sent-to-the-wrong-person-case comes up. This simple
> action will cut down the fraudsters who propagate their business via mobile
> money by at least half.
>
> If you look at it deeply, I think it is your problem if you are not
> diligent enough and send money to a wrong number. You simply tell MPESA
> what to do just like you fill a transaction advice at a bank. You can't
> blame the teller if you missed a digit when writing the account number and
> the money ended in the wrong account.
>
> Your phone number has now become a virtual nametag which you wear waiting
> for whoever cares, even strangers, to read your full names. I think this
> should stop in 2020!
>
> *And btw, anyone has a case study of the much hyped data protection law
> being implemented?*
> --------------------------------
>
> *Nick Ngatia*
> Email <nick.ngatia at childrenyouth.org> *|* Facebook
> <http://www.facebook.com/niccoswagg1> *|* *Twitter
> <http://www.twitter.com/nickngatia> **| LinkedIn
> <https://www.linkedin.com/in/nick-ngatia-a6b06a7b?trk=nav_responsive_tab_profile_pic> *
> *Skype:* *nick.ngatia** |* *Phone:* *+25**4 (0) 711 42 2015*
>
> *"Development Towards Sustainability is far too more important to leave it
> to chance."*
> ---------------------------------
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/johnpaulem%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20200123/4d8931b1/attachment.htm>

More information about the KICTANet mailing list