Bonga Points is the loyalty program run by Safaricom that’s similar to Airtel’s Zawadi Points and Telkom Kenya’s Ziada Points. Subscribers accrue points when they spend airtime on any of Safaricom services such as Voice, SMS and Data. This points can thereafter be redeemed for similar services for free or for devices if sufficient enough.
In addition to accumulating points, Safaricom allows for transferring of bonga points. This has turned the points into a commodity that’s now traded in various circles. Therefore, to ensure the safety of one’s bonga points Safaricom includes a PIN feature to prevent unauthorized transfers. This is the bonga points PIN and it’s a MUST to set it before you can sambaza your points.
Setting Up the PIN
1. Dial *126# then reply with 98 to go to the next page.
2. Reply with 6 for Set or Change Bonga PIN.
 |
| Set Bonga PIN |
3. Reply with 1 for Set New PIN.
 |
| Set New PIN |
4. You’ll be prompted to enter your National ID number.
 |
| Enter National ID |
5. Next you’ll be prompted to enter your last direct top up i.e. the last amount you loaded from a scratch card voucher e.g. 10, 20, 50, 100, 250 etc.
 |
| Last Direct Top Up |
6. After this you’ll be prompted to enter your new PIN. Enter a 4-digit PIN that isn’t too obvious and that you don’t use anywhere else.
7. Confirm the PIN by re-entering it and you should get a confirmation of the new PIN.
 |
| New PIN Set |
You can now safely transfer your Bonga Points using this PIN. You can however change the PIN should you wish to at any point in the future.
Resetting Your Forgotten Bonga Point PIN
If you stay for long without transferring your Bonga Points chances are that you’re going to forget your PIN. Also there are situations where somebody may have set the PIN without your consent which puts you in a similar scenario of not knowing your current PIN.
Fortunately you can reset your Bonga Points PIN using the same procedure as that of setting it as we’ve just seen above. That should explain why you are prompted to enter your National ID number and last top up even though you may be setting the PIN for the very first time.
Protecting Your PIN
The benefits of setting a strong Bonga Points PIN is compromised by the fact that one can very easily reset it. This is owing to the fact that the reset process Safaricom provides is very weak from a security stand point.
An attacker only needs to know your ID and the rest can easily be figured out: the last top up can be guessed multiple times till the correct one is attained though the attacker might as well decide to top up themselves any amount (e.g Ksh.10) for the sole purpose of this resetting.
Thereby it seems the best measure against unathorized PIN (re)setting is either keeping your ID number a secret from potential attackers or controlling who gets access to your phone. The latter is more practical as you can easily decide who to trust your phone with.
Still, where you leave your phone and the lock mechanism you have in place (if any) are far more crucial things to consider in the long run.
Through social engineering and subtle manipulation an attacker can easily build trust for what seems like a completely unrelated matter while in actual fact are underhandly setting a trap to carry out their attack e.g. charging your phone, feigning to text someone for help, playing a game, offering “tech support” etc.
