MPESA 'Hakikisha' Privacy Issues
In 2020, Safaricom should do something about the data privacy concerns raised in various fora.

I think one of the most controversial features that was introduced in 2019 was Hakikisha. Touted as a way to reduce money sent to the wrong recipients, it has become a major headache for those who are conscious about privacy of personal data. It is a good thing that you can only 'hakikisha' up to 5 times per day. However, this limit does not seem to work on mySafaricom app.

The basic argument is that just because I need to send you money, you don't have to know my full names as they appear on ID. Secondly, this service has been abused by fraudsters multiple times to access personal data that they should otherwise not have access to. The lack of a limit on MySafaricom App means that a fraudster can guess random Safaricom numbers and get their full names as they appear on ID many, many times in a day. The problem is that Safaricom does not seem to do anything about all the concerns raised from different quarters about the Hakikisha feature.

One viable recommendation has been to give each MPESA user a unique 'SafaricomID'. This ID, whether numeric or alphanumeric, *should be displayed* when sending or receiving money via MPESA. In the Safaricom registry, this ID should mirror all the user's legal data and can be easily accessed by an authorized person if an issue/crime/money-sent-to-the-wrong-person-case comes up. This simple action will cut down the fraudsters who propagate their business via mobile money by at least half.

If you look at it deeply, I think it is your problem if you are not diligent enough and send money to a wrong number. You simply tell MPESA what to do just like you fill a transaction advice at a bank. You can't blame the teller if you missed a digit when writing the account number and the money ended in the wrong account.

Your phone number has now become a virtual nametag which you wear waiting for whoever cares, even strangers, to read your full names. I think this should stop in 2020!

*And btw, anyone has a case study of the much hyped data protection law being implemented?*

--------------------------------
*Nick Ngatia*
Email <nick.ngatia@childrenyouth.org> | Facebook <http://www.facebook.com/niccoswagg1> | Twitter <http://www.twitter.com/nickngatia> | LinkedIn <https://www.linkedin.com/in/nick-ngatia-a6b06a7b?trk=nav_responsive_tab_profile_pic>
Skype: nick.ngatia | Phone: +254 (0) 711 42 2015
*"Development Towards Sustainability is far too more important to leave it to chance."*
---------------------------------
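The two technical points in the message above (a daily confirmation limit that one channel does not enforce, and showing an opaque ID instead of the legal name) can be sketched as follows. This is an added example, not part of the thread and not Safaricom's code; `LookupService`, the channel names, the HMAC-derived `SID-` format and the sample registry are all hypothetical.

```python
import hashlib
import hmac
from collections import defaultdict
from datetime import date

DAILY_LOOKUP_LIMIT = 5  # the per-day figure quoted in the message above

# Constructed sample registry: phone number -> legal name (not real data).
REGISTRY = {
    "0700000001": "JANE WANJIKU DOE",
    "0700000002": "JOHN KAMAU DOE",
}


class QuotaExceeded(Exception):
    """Raised when a requester has used up the day's confirmations."""


class LookupService:
    """Hypothetical confirmation backend that every channel must call."""

    def __init__(self, id_key: bytes, limit: int = DAILY_LOOKUP_LIMIT):
        self._id_key = id_key
        self._limit = limit
        # Keyed on (requester, day) only. The channel is deliberately not
        # part of the key, so switching from USSD to the app gives no
        # fresh allowance.
        self._used = defaultdict(int)
        # Every attempt, allowed or not, is kept for later review.
        self.audit = []

    def opaque_id(self, msisdn: str) -> str:
        """Stable pseudonymous ID (one possible derivation, an assumption).

        Without the key it cannot be linked to a number, and the legal
        name stays in the registry for authorized access only.
        """
        mac = hmac.new(self._id_key, msisdn.encode(), hashlib.sha256)
        return "SID-" + mac.hexdigest()[:10].upper()

    def confirm(self, requester: str, target: str, channel: str, today: date) -> str:
        key = (requester, today)
        allowed = self._used[key] < self._limit
        self.audit.append((requester, channel, target, allowed))
        if not allowed:
            raise QuotaExceeded(f"{requester} reached {self._limit} lookups on {today}")
        # Count before checking whether the number exists, so guessing
        # random numbers consumes the allowance too.
        self._used[key] += 1
        if target not in REGISTRY:
            return "UNKNOWN"
        return self.opaque_id(target)


def demo() -> dict:
    svc = LookupService(id_key=b"constructed-demo-key")
    day = date(2020, 1, 23)
    attempts = [
        ("ussd", "0700000001"), ("ussd", "0700000002"), ("ussd", "0799999999"),
        ("app", "0700000001"), ("app", "0700000002"),
    ]
    shown = [svc.confirm("0711111111", t, ch, day) for ch, t in attempts]
    try:
        svc.confirm("0711111111", "0700000001", "app", day)
        sixth_blocked = False
    except QuotaExceeded:
        sixth_blocked = True
    return {"shown": shown, "sixth_blocked": sixth_blocked, "audit": svc.audit}


if __name__ == "__main__":
    print(demo())
```
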
I think they will argue that they have provided options for opting out. But the thing is you have to go looking for it... it is not in your face.

But as I have said before - the threshold of compliance with data protection and also in getting users to read "software license agreements" should be as high as the same level companies use to market their products.

That means if a company can go all out with a video to advertise their service... then the "Software license agreement" should be a fancy video... "think of it a little bit like the little ones they have on the flights telling you about safety" - in extreme case scenario the sales person should "educate" the user into what they are signing up for.

With kind regards

Jeipea

Believe in yourself then you can change your world

____________________________________________
Skype: john.paul.em
Cell: +254735586956
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/johnpaulem%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Arya

The new Permission Marketing best practice is opt-in, NOT opt-out.

Regards

*Ali Hussein*
Tel: +254 713 601113
Twitter: @AliHKassim
Skype: abu-jomo
LinkedIn: http://ke.linkedin.com/in/alihkassim

Any information of a personal nature expressed in this email are purely mine and do not necessarily reflect the official positions of the organizations that I work with.
Unfortunately on this issue, corporates are purposefully having the fine print knowing well that 99.9% of customers would not read. This IS a SAFETY NET for them in case one sues; you would be pointed to the fine print which you had appended your signature to without reading. I would actually put it to *DISHONESTY* on the part of providers. This calls for the regulator to enforce standardisation and simplification of these so that Wanjiku needs not a lawyer to translate the terms of such contracts. KICTANET & Lawyers Hub reps here should move this as an agenda.
Hi Ali,

Absolutely true, Opt In not Opt Out is best practice - but as Twahir says the fine print. Most Kenyans don't even know Hakikisha is a service they were "opted in to" they just know "Safaricom improved services so that they won't send money to a wrong person" - but who knows maybe with Simple | Transparent | Honest - they might become better than other corporates at explaining fine print.

With kind regards

Jeipea

Believe in yourself then you can change your world

____________________________________________
Skype: john.paul.em
Cell: +254735586956
participants (4)
- Ali Hussein
- Arya Jeipea Karijo
- Nick Ngatia
- Twahir Hussein Kassim