New Free Cyber Insurance Readiness Check
← Back to blog
Fraud Prevention 4 min read June 18, 2026

How to verify an M-Pesa paybill before you pay

Every day, Kenyan businesses send money to paybill numbers they've never verified. Most payments go to legitimate businesses. But the ones that don't can cost you everything.

The problem

Anyone with a valid ID can register a Safaricom paybill number. Fraudsters register paybills with names that look like legitimate suppliers — "Safaricom PLC", "Kenya Power", or your actual vendor's business name with one letter changed.

Once you send money to a fraudulent paybill, it's gone. M-Pesa reversals are difficult, slow, and not guaranteed. The scammer has already withdrawn.

What you can check

1. The registered organisation name

Every Safaricom paybill has a registered organisation name visible through the Daraja API. This is the legal name the paybill holder used to register with Safaricom.

If the organisation name doesn't match who you think you're paying, stop. Even a slight misspelling is a red flag.

2. How long the paybill has been active

Newly registered paybills used for fraud are typically days or weeks old. A legitimate business paybill has been active for months or years.

3. Fraud reports from other businesses

If other businesses have already reported a paybill as suspicious, that's the strongest signal. This is why shared fraud intelligence matters — one business's bad experience can protect hundreds of others.

How Codec8 Verify works

Codec8 Verify does all three checks in one step:

  1. Org name lookup: Pulls the registered organisation name from Safaricom's Daraja API.
  2. Fraud corpus check: Cross-references the paybill against our growing database of reported suspicious numbers.
  3. Clear verdict: Returns "proceed", "confirm", or "stop" — not a confusing risk score.

Quick Check costs KSh 50 per lookup. Full Check (KSh 500) adds pattern analysis and a detailed report.

5 rules before every payment

  1. Verify the paybill org name — always, even for "known" suppliers.
  2. Call the supplier on a known number — not the number in the email or WhatsApp message.
  3. Never pay under time pressure — "pay now or lose the deal" is the #1 scam tactic.
  4. Check for recent fraud reports — use Codec8 Verify or ask your network.
  5. Keep records — screenshot the paybill number, amount, and org name. You'll need them if something goes wrong.

Not sure about a paybill? Check it now.

Run a Quick Check — KSh 50

Or take the free readiness check first.