Mobile money agents in Kenya directly handle sensitive user data—including names and national ID numbers—during KYC verification, posing severe privacy leakage risks. To address this, we propose a novel deposit-withdrawal protocol that, for the first time, decouples KYC compliance from agent-side operations in real-world deployment settings: agents execute transactions without accessing sensitive personal information, which is instead routed exclusively to the service provider’s infrastructure. The protocol integrates biometric-based rapid authentication, decentralized identity (DID) principles, and a role-separation architecture to enforce strict data minimization and access control. A field study involving 32 end users and 15 agents demonstrated statistically significant improvements in verification efficiency, perceived privacy protection, and security trustworthiness, with strong user and agent preference for the new protocol. Concurrently, the evaluation uncovered critical deployment-level usability challenges—particularly concerning offline operation, device heterogeneity, and agent training—that must be addressed for scalable adoption.

Mobile Money (MoMo), a technology that allows users to complete digital financial transactions using a mobile phone without requiring a bank account, has become a common method for processing financial transactions in Africa and other developing regions. Operationally, users can deposit (exchange cash for mobile money tokens) and withdraw with the help of human agents who facilitate a near end-to-end process from customer onboarding to authentication and recourse. During deposit and withdraw operations, know-your-customer (KYC) processes require agents to access and verify customer information such as name and ID number, which can introduce privacy and security risks. In this work, we design alternative protocols for mobile money deposits and withdrawals that protect users' privacy while enabling KYC checks. These workflows redirect the flow of sensitive information from the agent to the MoMo provider, thus allowing the agent to facilitate transactions without accessing a customer's personal information. We evaluate the usability and efficiency of our proposed protocols in a role play and semi-structured interview study with 32 users and 15 agents in Kenya. We find that users and agents both generally appear to prefer the new protocols, due in part to convenient and efficient verification using biometrics, better data privacy and access control, as well as better security mechanisms for delegated transactions. Our results also highlight some challenges and limitations that suggest the need for more work to build deployable solutions.