The card is accessible on Safaricom’s M-Pesa app and is linked to a user’s M-Pesa wallet, to allow payments to online merchants. Interestingly, the card only enables a user to make payments to global vendors and cannot be used for payments made on a Kenyan website. The reasoning behind this limitation seems to be that Safaricom’s other payment options, such as the M-Pesa Buy Goods or Pay Bill services are available for local websites.

Additionally, the M-Pesa Card is said to exclusively apply to international transactions to protect users from incurring forex conversion costs on local payments billed in Kenyan Shillings. This is because Safaricom is imposing a 3,5% charge on the value of each online purchase made using the M-Pesa Card. The charge will be calculated based on the exchange rate at the time of the transaction.

It is not clear whether these transactions will be further subject to the digital service tax (DST). The DST applies to income derived or accrued in Kenya from services offered through a digital marketplace. It is computed at a rate of 1,5% of the gross transaction value. Although DST is imposed on merchants, which in this case would be the online vendors, it is foreseeable that merchants would seek to transfer this cost to the consumers. This in turn would lead to an increase in the cost of the items for M-Pesa Card users, if DST applies.

Furthermore, it is key to note that one of the implications of the Safaricom – Visa partnership is that Visa is likely to have access to an M-Pesa Card user’s personal data, which would otherwise not be available. This is because the M-Pesa Card only allows access to merchants within Visa’s global network. Also key to note is that it is designed to enhance cyber security, as the card auto-generates a CVV that is only valid for a 30-minute period, requiring a user to input their password each time they would like a CVV generated.

How it works

The following are the main regulations that govern the M-Pesa Card:

The Central Bank of Kenya Act provides the basis for the regulation of non-banking institutions. It authorises the Central Bank of Kenya (CBK) to formulate and implement policies to best promote the establishment, regulation and supervision of payment systems in Kenya. The National Payment Systems Act of 2011 (NPS Act) makes provisions for the regulation and supervision of payment systems, including mobile payments systems in Kenya. It sets out the responsibilities of payment service providers (PSPs) and gives the CBK the express authority to supervise and regulate efficient payment, clearing and settlement systems. M-Pesa already operates as a PSP in Kenya and is required to comply with the NPS Act and ancillary legislation in this regard.

Moreover, Safaricom and Visa are required to obtain certain licences by virtue of their line of business. However, it is likely that the launch of this service will not require either of them to obtain additional licences. For example, the Money Remittance Regulation of 2013, empowers the CBK to issue a money remittance transfer operator licence that enables a licence holder to provide money transfer services. Visa is likely to have had this licence and given that the M-Pesa Card will be operating on Visa’s network channels in order to transfer funds from a user’s wallet to the international vendor, it is unlikely that this partnership will require additional licensing.

Likewise, M-Pesa operates as a PSP and requires a PSP licence to authorise its provision of payment services through an electronic system. In sum, Safaricom and Visa appear to be leveraging each of their current operating frameworks to ensure compliance with the law whilst maintaining minimum regulatory friction.

Compliance

Both M-Pesa and Visa are further required to comply with the Data Protection Act of 2019 (Data Protection Act). The Data Protection Act provides a framework for handling and protecting consumers’ data and financial information. Furthermore, it imposes a duty on payment service providers to ensure the security of their consumers’ data and gives a means for recourse in case one of their rights is violated. This will be essential for the M-Pesa Card in protecting users’ data because, as has been mentioned above, Visa will likely be able to access M-Pesa Card users’ personal data. The Anti-Money Laundering Guidelines for the provision of Mobile Payment Services of 2013 outline measures for preventing the occurrence of money laundering through the use of mobile payment systems. These measures have been implemented in the M-Pesa Card including the retention of the current M-Pesa limits of KES 150,000 per transaction and KES 300,000 per day at the prevailing forex rate, mechanisms for identification of the parties in the transaction and the implementation of strong operational procedures and controls to handle and resolve customer complaints.

In the words of Safaricom’s CEO, Mr Peter Ndegwa, the M-Pesa Card seeks to “bridge the gap for customers who would like to use M-Pesa anywhere across the world”. Echoing these sentiments, Visa’s Vice President and General Manager for East Africa, Ms Corine Mbiaketcha stated that the launch of this card “is an important step in achieving the expansion of the payments ecosystem across Africa by opening up the global marketplace for every single consumer”. The launch of the card is intended to open up global shopping for Kenyan consumers and is marketed as “allowing secure cashless payments to more than 100 million merchants in over 200 countries through Visa’s global network”.