Inside the rising cost of keeping your M-Pesa safe
By Faith Lagat, July 17, 2026Kenya’s mobile money ecosystem has transformed how millions save, send and receive money. M-Pesa remains at the centre of that transformation, offering fast and convenient financial services across the country.
However, as digital transactions continue to increase, so do attempts by fraudsters to exploit unsuspecting users, prompting Safaricom to roll out more customer security measures.
On July 15, 2026, Safaricom issued a public advisory reminding customers that their M-Pesa PIN remains the final layer of protection against fraud. The company urged users to verify every payment request before approving it and cautioned customers against sharing sensitive information.
“Before entering your M-Pesa PIN, confirm the recipient and the reason for payment. Decline any unexpected requests,” the company said.
Safaricom also reminded customers that it does not request M-Pesa PINs, national identity card details or one-time passwords through phone calls, text messages or social media platforms, and advised users to report suspicious messages through official channels or by forwarding them to 333.

Extra security measures
The company’s customer awareness campaign continued a day later after a customer questioned why M-Pesa statements require a password before they can be opened.
Responding on X, Safaricom explained that the statements are password-protected to safeguard customers’ financial information.
Customers requesting M-Pesa statements through the M-Pesa app or *334# receive the document as a password-protected PDF, while the password is sent separately through SMS.
The additional verification step is designed to prevent unauthorised access to transaction records in the event an email account is compromised.

Safaricomp post. PHOTO/A screengrab by PD Digital@SafaricomPLC/X
The security feature reflects the increasing importance of protecting digital financial records as more Kenyans rely on mobile money for personal and business transactions.
At the same time, customers are expected to keep track of additional passwords and verification steps whenever they access their financial records.
Balancing convenience and security
The latest advisories highlight the changing nature of digital financial security, where customers are encouraged to verify transactions before completing payments and remain alert to fraudulent requests.
Fraudsters continue to adopt new tactics, including fake payment prompts, impersonation of trusted contacts and attempts to obtain confidential information from customers. Once an M-Pesa PIN is entered into a fraudulent transaction, recovering the funds can be difficult.
Safaricom has consistently urged customers to secure their devices, avoid sharing personal credentials and remain cautious when handling payment requests.
As mobile money usage expands, customer awareness campaigns have become a key part of fraud prevention alongside system-based security measures.
The company’s repeated reminders underscore the need for vigilance in an environment where digital fraud continues to evolve. While M-Pesa remains one of Kenya’s most widely used financial platforms, users are increasingly being encouraged to verify every transaction, protect their credentials and make use of the security tools available to safeguard their accounts.