Railways revamps ticketing system with anti-bot tech, Aadhaar OTP, ID purge
NEW DELHI: In a move to strengthen the ticket reservation system, Indian Railways (IR) has deactivated more than 3 crore user IDs since January 2025 and introduced anti-bot measures to ensure genuine bookings. The reservation system is described as a robust and secure IT platform equipped with industry-standard cyber security controls. Union Railway Minister Ashwini Vaishnaw on Thursday said Indian Railways has taken several steps to improve the performance of the reservation system and increase the availability of regular and tatkal tickets. In response to a question in the Rajya Sabha, he said about 3.02 crore suspicious user IDs had been deactivated since January to ensure availability for genuine passengers. He added that IR had deployed an anti-bot solution named AKAMAL, designed to filter non-genuine users and ensure smoother booking for legitimate passengers. The minister said Aadhaar-based One-Time Password (OTP) verification for online tatkal bookings had been introduced in phases to curb misuse and improve fairness. It is already operational in 322 trains as on December 4, 2025. Due to the above steps, the confirmed tatkal ticket availability time has increased in about 65% of the abovementioned 322 trains, he said. He added that Aadhaar-based OTP verification for tatkal bookings at reservation counters had also been introduced in phases and was in place in 211 trains as of December 4, 2025. As a result of these and other measures, the confirmed tatkal ticket availability time has increased in about 95% of the 96 popular trains. Complaints have been filed on the National Cyber Crime Portal for suspiciously booked PNRs, the Minister told the Upper House. Providing further details, Vaishnaw said multiple protective layers including network firewalls, intrusion prevention systems, application delivery controllers and web application firewalls had been adopted to safeguard the system against cyber threats. The system is hosted in a dedicated, access-controlled Data Centre, secured through CCTV surveillance and end-to-end encryption. The Data Centre is certified under ISO 27001 Information Security Management System (ISMS) standards. To further strengthen cyber security posture, RailTel Corporation of India Ltd. provides comprehensive cyber threat intelligence services, including take-down services, threat monitoring, deep and dark web surveillance and digital risk protection, he said. These services provide proactive intelligence on emerging cyber threats and support incident response. The minister added that regular security audits of the reservation system are carried out by CERT-Inempanelled Information Security Audit Agencies. Internet traffic related to the ticketing system is also continuously monitored by CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC) to detect and prevent cyber attacks. According to the minister, requests, suggestions and representations from public representatives, organisations and rail users are received at various levels including the Railway Board, Zonal Railways and Divisional Offices to further improve the system. He said this was an ongoing and dynamic process.
19 C
