Safaricom explains why M-PESA statements are password-protected
By Faith Lagat, July 16, 2026Safaricom has explained why M-PESA statements are password-protected, saying the measure is intended to safeguard customers’ sensitive financial information.
The clarification followed a customer’s complaint on X on Thursday, July 16, 2026, questioning why statements requested by users require a password to access.
“Hi @SafaricomPLC, No one needs password on an mpesa statement they requested,” the customer wrote.
Responding to the post, Safaricom said: “Hi @IamGavin__, we understand your concern. However, M-PESA statements are password-protected as a security measure to safeguard sensitive customer information.”
The response comes a day after the company issued a public advisory urging customers to protect their M-PESA PIN and remain vigilant against fraud.
How customers access M-PESA statements
M-PESA statements enable customers to view and download their transaction history for personal record-keeping, loan applications and other financial purposes.
Customers can request statements through the M-PESA App or by dialling *334#. On the app, users log in using their PIN or biometric authentication, select the M-PESA Statements option, choose the preferred period and generate the statement.
Using the USSD option, customers select My Account, then M-PESA Statement, request the preferred statement period, enter an email address, confirm it and authenticate the request using their M-PESA PIN.

Once the request is completed, Safaricom sends an SMS containing a unique password used to open the PDF statement, which is delivered to the registered email address.
Customers can request statements covering periods of one, three, six or 12 months, with a maximum period of two years through the self-service channels.
Requests for statements older than two years, or statements required for court proceedings, are processed at Safaricom shops upon presentation of the required documentation.
Security remains a priority
Safaricom says password protection forms part of broader measures to secure customer data as digital financial services continue to grow.
The company has repeatedly advised customers not to share confidential information such as M-PESA PINs, one-time passwords or personal details with third parties.
On Wednesday, Safaricom reminded customers that the M-PESA PIN is their “final line of defense” and urged them to verify payment prompts before approving transactions, decline unfamiliar requests and report suspicious activity through official customer support channels.
According to the company, password-protecting statements helps prevent unauthorised access to transaction records if emails are intercepted or accessed by unintended recipients.
Customers experiencing delays in receiving statement passwords are advised to check their spam folders or submit a fresh request, as each statement is generated with a new unique password.
The latest clarification reinforces Safaricom’s continued focus on protecting customer information while providing convenient self-service access to M-PESA records.