Railways deactivates over 3 crore suspicious user IDs as Aadhaar-based checks boost tatkal availability
NEW DELHI: Indian Railways (IR) has deactivated more than 3 crore suspicious user IDs since January 2025 and introduced new Aadhaar-based verification measures to allegedly curb misuse and strengthen the online ticket reservation system. Officials describe the reservation platform as a robust and highly secure IT system equipped with industry-standard, state-of-the-art cyber security controls. Union Railway Minister Ashwini Vaishnaw on Thursday informed the Rajya Sabha that about 3.02 crore suspicious user IDs have been deactivated this year to ensure ticket availability for genuine passengers. He said IR has also deployed an anti-bot solution named AKAMAL, designed to filter non-genuine users and ensure smoother booking for legitimate travellers. The Minister stated that Aadhaar-based One-Time Password (OTP) verification for online tatkal ticket booking has been introduced in phases to curb alleged misuse and improve fairness in tatkal reservations. It is already operational in 322 trains as on December 4, 2025. Due to the above steps, the confirmed tatkal ticket availability time has increased in about 65% of the abovementioned 322 trains, the Minister said. He added that Aadhaar-based OTP for tatkal bookings at reservation counters has also been introduced in phases and has been implemented in 211 trains as on 4 December 2025. As a result of these and other measures, the confirmed tatkal ticket availability time has increased in about 95% of the 96 popular trains. Complaints have been filed on the National Cyber Crime Portal for suspiciously booked PNRs, the Minister informed the Upper House. Providing further details, Vaishnaw said multiple protective layerssuch as network firewalls, intrusion prevention systems, application delivery controllers, and web application firewallshave been adopted to safeguard the system against cyber threats. He said, The system is hosted in a dedicated, access-controlled Data Centre, secured through CCTV surveillance and end-to-end encryption. The Data Centre is certified under ISO 27001 Information Security Management System (ISMS) standards. To further strengthen cyber security posture, RailTel Corporation of India Ltd. provides comprehensive cyber threat intelligence services, including take-down services, threat monitoring, deep and dark web surveillance and digital risk protection. According to the Minister, these services provide proactive and actionable insights into emerging cyber threats and enable improved incident response. He added that regular security audits of the reservation system are carried out by CERT-Inempanelled Information Security Audit Agencies. Moreover, internet traffic related to the ticketing system is continuously monitored by CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC) to detect and prevent cyber attacks. The Minister also noted that requests, suggestions, and representationsboth formal and informalare continuously received from public representatives, organisations, and rail users at various levels, including the Railway Board, Zonal Railways, and Divisional Offices, to further improve the system. He said receiving such inputs is a continuous and dynamic process.
19 C
