How to secure your business portal login

Your KiddyCash Business portal gives you access to payouts, campaign controls, subscription settings, and transaction records — so locking it down is worth doing properly. These steps go beyond the basics to help you tighten access and reduce exposure.

1. Set strong, unique security questions

Security questions are your fallback layer when primary credentials fail. Navigate to Security Questions settings and choose questions with answers that aren’t guessable from your public profile or business name. Avoid anything a competitor in Nairobi who knows your business could answer — founding year, street address, or your company’s registered name. Use a passphrase-style answer instead of a single word.

2. Review your PIN hygiene

Your business account PIN controls approval of sensitive actions, including authorising payouts and confirming KYB-related updates. If your current PIN follows a predictable pattern (birth years, sequential digits), change it now. See how to change your account PIN for the step-by-step process inside the portal.

If you’ve already lost access to your PIN, don’t wait — follow the PIN reset process before continuing with the steps below.

3. Audit who has access

If your business has multiple staff members using the portal — common for shops running KiddyCash campaigns or processing transaction codes at the till — make sure access is role-appropriate. Remove credentials for former employees immediately. Shared logins are a liability; each operator should authenticate individually.

4. Enable login alerts

Turn on notifications for new login attempts. You’ll receive an alert whenever someone signs in from an unrecognised device. This is especially useful if you’re managing the portal remotely while your team handles on-ground operations — for example, running a loyalty campaign across outlets in Westlands or Mombasa Road.

5. Watch for unusual transaction activity

A compromised login often shows up in the numbers before anything else. Regularly review your transaction history for:

  • Payouts you didn’t authorise
  • Subscription changes you didn’t initiate — particularly relevant if you’ve been exploring the latest features covered in what’s new in subscriptions in KiddyCash
  • Campaign activations outside your normal operating hours

If something looks off, revoke active sessions and reset credentials before investigating further.

6. Keep your KYB information current

Outdated KYB details can create friction when KiddyCash’s compliance checks flag a mismatch — which may temporarily restrict portal access. Keep your business registration details, M-Pesa paybill or till number, and contact information accurate. This also ensures that any account recovery flow routes to the right place.

7. Understand how subscriptions affect access controls

Some security settings are tied to your subscription tier. If you’re on a plan that supports multi-user access or advanced permissions, make sure you understand what’s included. The deeper look at subscriptions in KiddyCash breaks down what each tier unlocks — including features relevant to managing team access and portal permissions.

A note on KES transactions and fraud risk

Businesses processing high volumes of KES payments through KiddyCash — whether through school fee collections, retail campaigns, or family subscription bundles — are a more attractive target. Treat portal security with the same seriousness you’d apply to your M-Pesa agent float or till cash. The controls are there; use them.