NewKerala.com

Railways Deactivate 3 Crore IDs, Boost Security with Aadhaar OTP & Anti-Bot Tech

Indian Railways has implemented Aadhaar-based OTP verification for online Tatkal bookings to ensure user uniqueness and prevent fraudulent, automated bookings. A multi-layered cybersecurity framework, including anti-bot solutions, web application firewalls, and DDoS mitigation, protects the ticket booking infrastructure. These measures led to the deactivation of approximately 3.03 crore suspicious user IDs in the year 2025. The system is continuously monitored through integration with CERT-In and undergoes regular security audits to safeguard against evolving cyber threats.

Key Points: Railways Deactivate 3.03 Crore IDs, Enhance Tatkal Security

  • Aadhaar OTP for Tatkal fairness
  • 3.03 crore IDs deactivated
  • Anti-bot & CDN for security
  • Multi-layer DDoS protection
  • Round-the-clock CERT-In monitoring
4 min read

Aadhaar-based authentication, multi-layer cybersecurity lead to deactivation of 3.03 cr suspicious user IDs in 2025: Railways

Indian Railways deactivated 3.03 crore suspicious IDs in 2025 using Aadhaar OTP for Tatkal, anti-bot solutions, and multi-layer cybersecurity to ensure fair booking.

"approximately 3.03 crore suspicious user IDs were deactivated in 2025 - Ministry of Railways"

New Delhi, February 13

The reservation ticket booking system of Indian Railways has implemented the following measures to prevent auto-filling of forms by hacking tools, curb fraud in Tatkal ticketing bookings through the internet, and safeguard the system from cyberattacks.

According to the Ministry of Railways, to curb misuse and improve fairness in Tatkal bookings, Aadhaar-based One-Time Password (OTP) verification for online Tatkal ticket booking has been introduced.

Under this technique, Aadhaar authentication provides instantaneous verification of user uniqueness, which is critical considering the time-sensitive nature of Tatkal ticket booking.

It helps prevent the creation and operation of fake or unauthorised, agent-controlled, multiple-user accounts by enforcing a uniqueness constraint. This measure serves as an effective safeguard against account proliferation and automated misuse, thereby ensuring a fair allocation of Tatkal tickets. It has contributed to improved ticket availability for genuine passengers and enhanced transparency in the online Tatkal booking system.

Several application-level security controls have been implemented, including a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) mechanism deployed at multiple levels to prevent scripting, Brute-Force Attacks, and DDoS (Distributed Denial of Service) attacks.

Several security measures have also been implemented to address OWASP (Open Web Application Security Project) application security vulnerabilities.

To optimise system performance, Indian Railways has implemented a Content Delivery Network (CDN) to offload static content and reduce direct traffic on its internet ticket-booking website.

Furthermore, Anti-bot solutions, such as Akamai, are deployed to filter non-genuine users, thereby mitigating malicious /suspicious attempts on the internet ticket-booking website and ensuring smooth booking for genuine passengers. This helps in checking malicious traffic.

According to the Ministry of Railways, the entire ICT (Information and Communication Technologies) infrastructure has been deployed in a high-availability mode to minimise failures.

The system is protected by industry-standard, state-of-the-art, data centre-grade network and security equipment, including network firewalls, network intrusion prevention systems, application delivery controllers, and web application firewalls.

The system is also protected from volume-based DDoS (Distributed Denial of Service) attacks with an ISP (Internet Service Provider) layer, DDoS Detection and Mitigation Services through multiple ISPs with aggregated DDoS mitigation capacity of nearly 30 Gbps.

Enterprise-level Content Delivery Network (CDN), anti-bot, secure DNS, and Web Application Firewall (WAF) services, which enhance security, improve customer experience, reduce web traffic load, optimise resources, and mitigate threats, have been deployed.

For comprehensive cyber threat intelligence services, RailTel has been engaged to undertake Deep-Dark Web Monitoring, Digital Risk Protection and improve incident response.

The system is hosted in a captive data centre in Chanakyapuri, New Delhi, with CCTV surveillance and restricted physical access. The facility is ISO 27001 (ISMS) certified.

It is also integrated with CERT-In TSAP (Threat & Situational Awareness Projects) for round-the-clock monitoring of security incidents and events.

The system has been integrated with CERT-In's "Madhu-Sanjal", wherein CERT-In has deployed the honeypot sensor for monitoring the attacker behaviours, suspicious events/intrusion attempts and learning their tactics and improving defence against cyber threats.

The Ministry of Railways stated that the on-premises security team monitors the system's security logs to detect and mitigate security incidents.

Several anti-fraud measures have been implemented to prevent unauthorised access and ensure seamless booking for legitimate users.

According to the Ministry of Railways, approximately 3.03 crore suspicious user IDs were deactivated in 2025.

Regular security audits of the reservation system are conducted by CERT-In-empanelled Information Security Audit Agencies. Moreover, internet traffic related to the ticketing system is continuously monitored by CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC) to detect and prevent cyber attacks.

Additionally, 376 complaints have been lodged on the National Cyber Crime Portal pertaining to 3.99 lakh suspicious bookings. Moreover, 12819 suspicious email domains were blocked in 2025.

- ANI

Share this article:

Reader Comments

A
Arjun K
Good move by Railways. The Aadhaar OTP for Tatkal makes sense to stop bots and agents. But I hope the system is robust. Last time, the IRCTC website crashed during peak booking. With all these firewalls and CDNs, the real test will be during festival season. Fingers crossed.
R
Rohit P
While I appreciate the security focus, linking everything to Aadhaar is a concern. What about privacy? Also, what if someone doesn't have an Aadhaar or their mobile isn't linked? Will they be denied a Tatkal ticket? The solution should not create new problems for ordinary citizens.
S
Sarah B
The technical details here are impressive – 30 Gbps DDoS mitigation, ISO 27001 certification, honeypot sensors. It reads like a corporate cybersecurity white paper. If this works as described, it could be a model for other government online services in India. A much-needed upgrade.
V
Vikram M
3.03 crore IDs deactivated! That's an insane number. It clearly shows how rampant the misuse was. These touts and software bots were ruining it for everyone. Jai Hind to the cyber team at Railways and CERT-In. Hope the common man finally wins the Tatkal battle. 💪
K
Kavya N
My father had to pay extra to an agent last Diwali to get tickets. It's heartening to see such a detailed, multi-layer approach. The integration with 'Madhu-Sanjal' honeypot is smart. But the proof will be in the booking. Please ensure the website UI is also user-friendly for non-techies like my parents.

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50