Indian Railways blocks 3.02 crore fake IDs, rolls out stronger Tatkal checks
New Delhi: Indian Railways has intensified its crackdown on suspicious user accounts, deactivating nearly 3.02 crore such IDs since January 2025. The action was disclosed in Parliament on Thursday (December 11, 2024) by Ashwini Vaishnaw, Minister for Information & Broadcasting and Electronics & IT. A large number of these fake accounts are created using bots and automated software to corner Tatkal tickets, which are later resold at inflated prices. This practice makes it difficult for genuine passengers to secure last-minute bookings.
Key measures being implemented to tackle suspicious IDs:
Vaishnaw said the ministry is deploying advanced anti-bot tools, including AKAMAI, to block fake users and streamline the booking experience for legitimate travellers.
Aadhaar-based OTP for Tatkal tickets
To curb misuse of Tatkal bookings, the government has rolled out Aadhaar-linked OTP verification for online Tatkal reservations in phases. As of December 4, 2015, the system was active across 322 trains. These efforts, according to the minister, have improved confirmed Tatkal ticket availability in around 65% of these routes. A similar Aadhaar-based OTP process has been extended to reservation counters as well. Introduced gradually, it had been implemented for 211 trains by December 4, 2025.
Action on suspicious PNRs
Complaints are also being filed on the National Cyber Crime Portal to flag train tickets booked under suspicious PNRs, Vaishnaw informed Parliament.
Cybersecurity layers and audits
To shield the Railways’ digital systems from cyber risks, multiple layers of security—such as network firewalls, intrusion prevention systems, application delivery controllers, and secure web applications—are in place. The ticketing system runs on a dedicated data centre with restricted access, CCTV monitoring, and end-to-end encryption. Vaishnaw added that regular security audits are carried out by CERT-In empanelled agencies. Internet traffic related to ticketing is continuously tracked by CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC) to detect and prevent cyber threats.
