No, Stop the Mpesa *234#
Press *234# and call from your Safaricom line to get 5 previous transactions on your Mpesa account. That is not news, I know. My problem is, this newly developed idea lacks logic.
Don’t crucify me yet, but do this: ask for your friend’s phone and dial *234#. Boom! You will get their Mpesa account statement within 30 seconds. Now go ahead and ask them for some money. See, a breach of privacy! The problem doesn’t fall on you; it falls on those who brought up this idea.
Come on Safaricom, your “check my Mpesa account Statement” system is insecure. It is breaching the security of people’s Mpesa records for sure. The same way you advise your clients to keep their PIN secret and share it with no one, their transactions must be kept secure as well.
With this new system of checking your Mpesa statement, you will have to sit on your phone all the time so that no one with a hidden agenda finds your financial records just by tapping a few keys on your phone. This problem came to my attention when my friend called me up; he wanted us to meet urgently because of something he referred to as a serious problem. When we finally met, he was scowling like someone who had been threatened with having his body parts sold.
He handed me his phone and ordered me to read a forwarded message. The message was from his girlfriend, but it was an Mpesa account statement. My friend told me how he had heard on the radio about the method of checking your account statement and had tried it on his own phone. His statement showed correctly that he had sent money three times to his girlfriend in the past few days.
He did not have a problem with that. He decided to dial the same code on his girlfriend’s phone. That is when he got the shocker of his life! The girlfriend had sent her ex-boyfriend the same amount of money he had previously sent to her, #dead.
Then the question came: how secure or private is your Mpesa account statement? If anyone can pick up your phone and read your statement just like that, then it is not private anymore. Safaricom, you have the job of making our balances secure. Men, do something now, or else thugs will be getting hold of our phones and checking our last transactions to tell how much someone has in their account before forcing them to send it all over. Let it be part of the Mpesa menu, where the user has to enter a PIN.
Of course it is easy to tell how much someone has from their last five transactions. If someone deposited 10,000 and his or her next transaction is **** sent 2,000 to****, you can easily tell they have at least 7,000. Even if someone cannot withdraw or send himself your money without the PIN, he still has information about your last five transactions. If such transactions are controversial like those of my friend, then every Mpesa customer is in trouble!
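The PIN-gated menu asked for above can be sketched as follows. This is an added example, not Safaricom's code: the `StatementService` class, the `CON`/`END` reply prefixes, the three-attempt lockout, the phone number and the transactions are all assumptions made up for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3  # assumed lockout threshold, not a documented Mpesa value

def hash_pin(pin: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the PIN rather than the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class StatementService:
    """Hypothetical USSD backend: the statement is released only after a PIN check."""

    def __init__(self):
        self.accounts = {}         # msisdn -> account record
        self.awaiting_pin = set()  # lines that dialled *234# and owe a PIN

    def register(self, msisdn, pin, txns):
        salt = os.urandom(16)
        self.accounts[msisdn] = {"salt": salt, "pin_hash": hash_pin(pin, salt),
                                 "failures": 0, "txns": list(txns)}

    def handle(self, msisdn, text):
        acct = self.accounts.get(msisdn)
        if acct is None:
            return "END Not registered"
        if acct["failures"] >= MAX_ATTEMPTS:
            # Holding the handset is not enough to keep guessing the PIN.
            return "END Statement locked. Contact customer care."
        if text == "*234#":
            self.awaiting_pin.add(msisdn)
            return "CON Enter PIN to view your last 5 transactions"
        if msisdn not in self.awaiting_pin:
            return "END Invalid request"
        self.awaiting_pin.discard(msisdn)  # one PIN try per dial
        supplied = hash_pin(text, acct["salt"])
        if hmac.compare_digest(supplied, acct["pin_hash"]):
            acct["failures"] = 0
            return "END " + "; ".join(acct["txns"][-5:])
        acct["failures"] += 1
        return "END Wrong PIN"
```

With this flow, someone who borrows the phone and dials *234# gets only a PIN prompt, and three wrong guesses lock the statement until the owner contacts support.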