Why MPESA agents must demand identity documents


The Sunday Nation


29 January 2023


Are there any two people in Kenya with the exact same number of hairs on their heads? The answer is definitely yes! And this is why: On average, humans have about 100,000 hairs on their heads. Therefore, if we counted the number of hairs on each person and selected only those with different numbers, we would get only about 100,000 distinct individuals.

But Kenya has about 50 million people; so, whatever number of hairs you have on your head, there are at least another 500 people in the country with exactly the same number as you. Considering that the 100,000 number is an average (mean) of a normally distributed quantity, it is clear that the majority of the population has exactly 100,000 hairs. That is, over 25 million people.

This thought about hair came to my mind when a reader who prefers anonymity asked me about MPESA PINs. They are four-digit codes meaning that there can only be 10,000 distinct PINs. Yet there are over 30 million registered MPESA lines. Obviously, then, whatever PIN you have selected, there are at least another 3,000 people using the exact same code! Is this a secure system? If so many people have the same PIN, can’t they transact with one another’s phones?

Well, a good security system checks identity at three levels: something that you have, something that you know and something that you are. In many cases, it is enough to use only two of these. For example, when you go to the ATM to withdraw cash, you must insert your card (something you have) and then enter a PIN (something you know).

For over-the-counter withdrawals, some banks will scan customer’s finder prints scan (something you are) before executing the transaction. Indeed, the teller may also check the customers photo from the system and verify that this the person at the counter. The customer is also required to sign the transaction document – another something that you are.

In the case of MPESA transfers, you can only transact if you have the SIM card and you know the PIN. The system matches the two to verify your identity. Since transfers are easily traceable so the two checks are enough.

For cash withdraws, a third check is introduced: customers must present their ID cards. Thus, there are two things that you must have – the SIM and the ID card. The system are checks for your location - you must be within the coverage zone of the base station serving the agent. This is something that you are.

  Back to 2023 Articles  
World of Figures Home About Figures Consultancy