
The M-Pesa Trap: How Safaricom's Security Is Failing Kenya's Most Vulnerable Customers


Picture this. A bedridden elderly woman in Nairobi cannot move from her bed. She needs money for medical bills. All her savings are in her M-Pesa account, tied to a SIM card that has stopped working. Her family goes to the nearest Safaricom shop and explains the situation. The agent is sympathetic. But the answer is the same: she must appear in person, with her ID, and provide her thumbprint or face biometric for a SIM swap. No exceptions.

The family contacts customer care. Same answer. They ask if an agent can come to the house. No, security protocols prohibit home visits for SIM swaps. They ask if a family member can act on her behalf. No, not without a Power of Attorney, a legal document that requires a lawyer, a notary, and time that a medical emergency does not allow.

The M-Pesa account with the medical bill money sits locked. The family is stuck.

This story went viral on Kenyan social media recently, and the reason it resonated so deeply is that most Kenyans recognise it immediately. This is not an edge case. For Kenya's elderly, disabled, and bedridden population, Safaricom's SIM swap policy is not a security feature. It is a wall.

Why the Policy Exists — and Why It Made Sense

To be fair to Safaricom, the strict in-person SIM swap policy did not come from nowhere. It was a direct response to one of Kenya's most damaging forms of financial crime.

SIM swap fraud works by tricking or bribing a telecom agent into transferring a victim's phone number to a new SIM card controlled by the fraudster. Once the fraudster has the number, they own every OTP, every M-Pesa transaction confirmation, and every two-factor authentication code that comes to it. They can drain a bank account, empty an M-Pesa wallet, and disappear before the victim realises what has happened.

At its peak, SIM swap fraud was devastating Kenyan families. Safaricom's response, tightening SIM swap requirements to mandatory physical presence with biometric verification so that nobody could perform a swap without the subscriber physically in the room, was the right instinct. Fraud dropped. The security improvement was real.

But security design that works for the majority while creating an impossible situation for a vulnerable minority is not good enough. And the policy as currently implemented does exactly that.

The KYC Paradox

Know Your Customer (KYC) is the framework that financial and telecom institutions use to verify the identity of their customers. The philosophy is sound: you should be certain that the person accessing an account is actually the account holder.

The paradox Safaricom has created is this: the customers who most urgently need access to their M-Pesa funds — the elderly woman with medical bills, the physically disabled person who cannot leave their home, the patient recovering from surgery — are precisely the customers who are least able to satisfy in-person biometric requirements.

For a healthy adult in Nairobi with a working phone, a SIM swap is a minor inconvenience. You visit a shop, wait in a queue, press your thumb on a scanner, and leave. For someone bedridden or physically incapacitated, the same process is functionally impossible without either a legal document most families do not have or a policy exception that currently does not exist.

The Power of Attorney route is theoretically available but practically inaccessible. Engaging an advocate, drafting a PoA document, and having it properly executed typically costs Ksh 3,000 to Ksh 10,000 and takes several days. In a medical emergency, that timeline is not viable. And for rural families, the nearest advocate may be hours away.

The Technology That Already Exists

Here is the part of this story that should generate genuine frustration because the technology to solve this problem is not hypothetical. It exists, it works, and it is already being marketed in Kenya.

Liveness Detection is a biometric security technique that uses a smartphone's front camera to confirm that the person being verified is physically present and alive — not a photograph, a video replay, or a deepfake. Modern liveness detection systems ask the user to perform small, randomised actions — blink, turn their head slightly, smile — that a static image or pre-recorded video cannot replicate. The face is then matched in real time against a reference database.

This is not experimental technology. Juniper Research estimated that over 1.2 billion mobile devices globally were secured by facial recognition paired with liveness detection in 2025. Banks, financial platforms, and government services in multiple countries use it for remote customer verification. India's Aadhaar system uses a mobile face authentication app. Estonia's digital ID system allows remote identity verification. South Africa's SASSA social grants platform uses facial liveness checks for vulnerable beneficiaries.

And critically for Kenya: a company called Identy, which offers smartphone-based contactless biometric verification with liveness detection, has just expanded specifically into Kenya. Their technology supports biometric capture using standard smartphones, processes identity documents, and facilitates large-scale biometric verification, exactly what a remote SIM swap verification system would require.

The government has already moved in this direction on the identity infrastructure side. Kenya launched a biometric national ID system with live capture technology in 2025, integrating with the IPRS (the Integrated Population Registration System), the central database of Kenyan citizen identity records. The Maisha ecosystem, Kenya's digital ID programme, explicitly includes a virtual Maisha Digital alternative and an integrated IPRS database for inter-agency connectivity.

The building blocks are there. The IPRS database has biometric records. Liveness detection technology is available and being actively marketed in Kenya. Smartphones are the primary computing device for the vast majority of Kenyans. What is missing is the will to connect these pieces into a system that serves the people who need it most.

What Remote Biometric Verification Would Look Like

The solution is not complicated in concept, even if the implementation requires care. A Remote Biometric Verification system for Safaricom SIM swaps could work as follows:

A customer or their family member initiates a remote SIM swap request through the mySafaricom app. The app prompts the registered account holder, not a proxy, to complete a liveness check using the front camera of any smartphone. The check involves a short, randomised sequence of facial movements that confirms a live person is present. The captured face is matched against the customer's biometric record held in the IPRS database with a confidence score above a defined threshold. If the match is verified, the SIM swap proceeds with an additional confirmation step such as a PIN or a secondary alert to the next of kin contact on record.

This process does not require the customer to leave their bed. It does not require a lawyer or a Power of Attorney. It does not require a Safaricom agent to make a home visit. And critically, it is not less secure than the current thumbprint system — it is arguably more secure, because liveness detection is significantly harder to spoof than a thumbprint scan at a shop where an agent cannot always verify that the thumb belongs to the right person.

The system would need guardrails. A customer who is genuinely incapacitated and cannot hold a phone at all would still need an alternative pathway, perhaps a supervised home visit by a senior Safaricom official, or a court-based process for extreme cases. Remote verification is not a complete solution for every scenario, but it solves the problem for the vast majority of cases that are currently impossible.
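To make the proposed flow concrete, here is an added illustrative model of the decision logic described above (a hypothetical sketch, not Safaricom's code or any vendor's product). The action names, the 0.90 match threshold, the 20-second window, and the `decide_swap` outcomes are all assumptions; the randomised challenge, the IPRS confidence threshold, the PIN-or-next-of-kin second factor, the audit trail and the manual fallback pathway correspond to the points the text makes.

```python
import secrets
from dataclasses import dataclass, field

# Hypothetical policy constants; real values would be set by the regulator.
CHALLENGE_ACTIONS = ("blink", "turn_left", "turn_right", "smile")
MATCH_THRESHOLD = 0.90       # minimum IPRS face-match confidence to accept
MAX_CHALLENGE_SECONDS = 20   # whole action sequence must finish in this window


@dataclass
class SwapRequest:
    msisdn: str                                 # number moving to the new SIM
    audit: list = field(default_factory=list)   # every decision is recorded

    def log(self, event: str) -> None:
        self.audit.append(event)


def issue_challenge(n: int = 3) -> list:
    """Unpredictable action sequence, so a pre-recorded video cannot match it."""
    return [secrets.choice(CHALLENGE_ACTIONS) for _ in range(n)]


def liveness_passed(challenge, observed, elapsed_s) -> bool:
    """Every requested action, in order, inside the time window."""
    return observed == challenge and elapsed_s <= MAX_CHALLENGE_SECONDS


def decide_swap(req, challenge, observed, elapsed_s, match_score,
                pin_ok, kin_ack) -> str:
    """Return 'approve', 'deny' or 'fallback' (supervised manual pathway).

    observed=None means the customer could not attempt the check at all
    (e.g. cannot hold a phone); that is routed to the fallback, whereas an
    attempted-but-failed check is treated as a possible spoof and denied.
    """
    if observed is None:
        req.log("liveness not attempted: route to supervised manual pathway")
        return "fallback"
    if not liveness_passed(challenge, observed, elapsed_s):
        req.log("liveness check failed: deny")
        return "deny"
    if match_score < MATCH_THRESHOLD:
        req.log(f"IPRS match {match_score:.2f} below threshold: deny")
        return "deny"
    # Second factor: account PIN, or acknowledgement from the next-of-kin
    # contact on record; either one satisfies this step.
    if not (pin_ok or kin_ack):
        req.log("no second-factor confirmation: deny")
        return "deny"
    req.log(f"approved: liveness ok, match {match_score:.2f}, second factor ok")
    return "approve"
```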

The Government's Role

Safaricom cannot solve this alone, and it is worth being clear about where government responsibility lies.

The Communications Authority of Kenya regulates telecom KYC requirements. If the CA's current framework does not explicitly accommodate remote biometric verification as a valid method for SIM swap authentication, Safaricom is operating within a regulatory constraint it cannot unilaterally override. Changing that requires a regulatory update from the CA, not just a policy decision from Safaricom.

The government has spent over Ksh 15 billion on digital ID and related projects in recent budget cycles. It has installed facial recognition systems at border posts. It is transitioning education and healthcare to digital identity infrastructure. The IPRS database that would anchor remote verification already exists and is being expanded under the Maisha programme.

What is missing is the explicit policy mandate that ties this infrastructure to the specific problem of vulnerable citizens who cannot access their own financial accounts. That mandate should come from the CA, informed by input from disability rights organisations, elder care advocates, and consumer protection bodies.

A Broader Question About Inclusive Design

The SIM swap problem is a specific and urgent case, but it points to a broader design question that Kenya's digital transformation has not adequately answered: who is the assumed user of these systems?

M-Pesa serves over 30 million Kenyans. Kenya's elderly population — those aged 65 and above — numbers approximately 1.3 million people, a figure growing as life expectancy improves. The Kenya National Survey for Persons with Disabilities estimated that roughly 2.2 million Kenyans live with some form of disability. These are not marginal groups. They are millions of Kenyans whose relationship with financial services is increasingly mediated by systems designed for someone who can walk into a shop, stand in a queue, and press their thumb on a scanner.

Digital transformation that serves urban, able-bodied, working-age adults and leaves everyone else navigating legal workarounds is not transformation. It is modernisation for the majority with exclusion built into the edges.

Safaricom has the technical capability, the infrastructure partnerships, and the regulatory relationships to build a better system. The viral story of the bedridden grandmother is not just a social media moment; it is a design brief. The question is whether anyone inside Safaricom is treating it as one.

What Needs to Happen

The asks are specific and achievable.

Safaricom should pilot a Remote Biometric Verification pathway for SIM swaps, using liveness detection matched against IPRS records, for customers who cannot present in person. The mySafaricom app already exists and could serve as the interface. The technology vendors are already in Kenya.

The Communications Authority should update its KYC guidelines to explicitly recognise remote biometric verification as a valid and legally sufficient method for SIM swap authentication, subject to defined confidence thresholds and audit trails.

The government should use the Maisha digital ID rollout to establish a clear framework for remote identity verification across financial services, telecom, and healthcare, not as a future aspiration but as a 2026 implementation target.

None of this requires inventing new technology. It requires connecting systems that already exist, for the benefit of people who currently have no recourse.

Do you or someone you know have experience with Safaricom's SIM swap process as an elderly or disabled customer? We want to hear your story. Reach us at [email protected] or drop a comment below.
