M-PESA PIN Safety – How to Buy Airtime & Bundles Without Risk

Q: Why do some scammers ask for my PIN after I pay?

They pretend that they need it to 'complete the delivery'. In reality, once you pay via STK push, the transaction is final. They want your PIN to steal from you.

📖 M-PESA Security Guide

🎣 How Scammers Try to Steal Your M‑PESA PIN
🛡️ How STK Push Protects You
✅ Safe vs. Risky Practices – At a Glance
🔐 How to Buy Airtime or Bundles Without Risking Your PIN
📞 Why Till 509947 Is a Safe Reseller Option
🚨 What to Do If You Suspect Your PIN Is Compromised
❓ Frequently Asked Questions

Your M‑PESA PIN is the key to your mobile money. If someone obtains it, they can empty your account. Unfortunately, scammers have devised clever ways to trick you into revealing your PIN when you try to buy airtime or bundles. This guide explains how to stay safe, how STK push protects you, and why using a verified reseller till like 509947 is secure.

🎣 How Scammers Try to Steal Your M‑PESA PIN

Fake customer care calls: Someone calls pretending to be from Safaricom or Airtel, asks you to “verify” your PIN to fix an issue.
Phishing links: You receive an SMS with a link saying “your M‑PESA has been suspended – click to reactivate”. The fake site asks for your PIN.
Fake resellers: A WhatsApp “reseller” asks you to send your PIN “to complete the transaction”. Legitimate resellers never ask for your PIN.
SIM swap fraud: Scammers trick your carrier into transferring your number to a new SIM, then reset your M‑PESA PIN.

⚠️ Golden rule: Never share your M‑PESA PIN with anyone – not even Safaricom or Airtel staff. No legitimate transaction requires you to disclose your PIN to another person.

🛡️ How STK Push Protects You

When you pay using Lipa na M‑PESA (Buy Goods or Paybill), the transaction is completed via an STK push – a secure prompt that appears directly on your phone. You enter your PIN into the M‑PESA app, not into a website or to a person. The merchant never sees your PIN. This is the safest way to pay.

Safe methods: M‑PESA STK push via till numbers (e.g., 509947) or official Paybill (263263).

Unsafe methods: Sending money to a personal M‑PESA number and then sharing your PIN or trusting someone to “process” the transaction for you.

✅ Safe vs. Risky Practices – At a Glance

Practice	Safe?	Why?
Entering PIN into M‑PESA STK push (Buy Goods)	✅ Safe	PIN never leaves your phone; merchant cannot see it.
Giving PIN to a “reseller” over WhatsApp	❌ Very dangerous	They can empty your account immediately.
Using a till number (e.g., 509947) for bundles	✅ Safe	Standard M‑PESA STK push – no PIN sharing.
Clicking on links in random SMS to “verify” PIN	❌ Phishing scam	Fake website captures your PIN.

🔐 How to Buy Airtime or Bundles Without Risking Your PIN

Always use Lipa na M‑PESA → Buy Goods or Paybill. Never send money to a personal number.
Use a verified till number. For example, Till 509947 (BingwaSokoni) is a well‑known reseller till with a secure STK push process.
Never share your PIN. If anyone asks for it, they are scammers. Hang up or block them.
Enable M‑PESA transaction alerts. You will receive an SMS for every transaction – report any unauthorised activity immediately.
Keep your SIM safe. Do not share personal details that could enable a SIM swap.

📞 Why Till 509947 Is a Safe Reseller Option

BingwaSokoni (Till 509947) uses the standard M‑PESA Buy Goods flow. When you pay:

You receive an STK push on your phone.
You enter your PIN into the M‑PESA app (not into a website).
The platform receives a confirmation that payment was made, but never sees your PIN.
The bundle is delivered automatically.

This is the same secure process used by supermarkets, petrol stations, and other legitimate businesses.

🚨 What to Do If You Suspect Your PIN Is Compromised

Immediately change your M‑PESA PIN: Dial *100# → “Change PIN” or use the M‑PESA app.
Check your transaction history: Look for unauthorised payments.
Report to Safaricom/Airtel: Call 100 (Safaricom) or 100 (Airtel) and explain the situation.
If money is stolen, report to the police. Keep the transaction SMS as evidence.

🛡️

Verified Merchant – Till 509947

Secure M‑PESA STK Push payments. Your PIN is never shared – only the payment confirmation reaches us.

Written by the BingwaSoko Security Team
Security and mobile money specialists. Helping Kenyans protect their M-PESA accounts.
Last reviewed: 26 May 2026

❓ Frequently Asked Questions – M-PESA PIN Safety

Can a reseller see my M-PESA PIN if I use a till?

No – the STK push is encrypted and goes directly between M‑PESA and your phone. The merchant only knows that you paid, not your PIN.

Is it safe to save a till number in my M-PESA favourites?

Yes – it just saves you from typing the number each time. It does not expose your PIN.

Why do some scammers ask for my PIN after I pay?

They pretend that they need it to “complete the delivery”. In reality, once you pay via STK push, the transaction is final. They want your PIN to steal from you.

Is using a reseller till like 509947 as safe as buying from a supermarket?

Yes – the M‑PESA payment mechanism is identical. The only additional risk is whether the reseller actually delivers the bundle. That is why you choose a verified till with a good reputation and support.

What should I do if I suspect my PIN is compromised?

Immediately change your M-PESA PIN via *100#, check transaction history for unauthorised payments, report to Safaricom/Airtel (call 100), and if money is stolen, report to the police.

How does STK push protect my PIN?

STK push creates a secure encrypted session between your SIM card and M-PESA servers. You enter your PIN directly into the M-PESA app, never into a website or to a person. The merchant never sees your PIN.

💡 Pro tip: Set up M‑PESA notifications to receive an SMS for every transaction. If you see an unauthorised payment, you can act quickly. Also, memorise your PIN – never write it down.

Till: 509947

👉 Buy Bundles Safely – Use Till 509947

M‑PESA PIN Safety – How to Buy Airtime & Bundles Without Risk