Railways Cyber Security Measures Protect Tatkal Booking System
The Indian Railways reservation ticket booking system has successfully deactivated 3.03 crore suspicious user IDs and blocked 60.43 billion malicious bot requests in the last six months of 2025, safeguarding the integrity of its online e-ticketing platform. The Union Minister for Railways, Information & Broadcasting and Electronics & IT, Shri Ashwini Vaishnaw, provided the details in a reply to Rajya Sabha.
Aadhaar-Based Authentication Ensures Fair Booking
To curb misuse and improve fairness in tatkal bookings, Indian Railways introduced Aadhaar-based One-Time Password (OTP) verification for online tatkal ticket bookings. This system ensures instantaneous verification of user uniqueness, prevents creation of multiple unauthorized accounts, and improves ticket availability for genuine passengers.
Application Layer Security Controls
The booking system now uses multiple layers of security including CAPTCHAs, anti-bot solutions like Akamai, and content delivery networks (CDN) to filter malicious traffic. Measures also include protection against scripting, brute-force attacks, and DDoS attacks, alongside OWASP-compliant application security protocols.
Network and Infrastructure Layer Protections
Indian Railways operates its ICT infrastructure in high-availability mode, equipped with network firewalls, intrusion prevention systems, web application firewalls, and secure DNS. Volume-based DDoS attacks are mitigated with multiple ISPs providing nearly 30 Gbps of aggregated protection. RailTel provides deep-dark web monitoring and digital risk protection services.
Physical Security and Monitoring
The system is hosted in an ISO 27001-certified captive data center in Chanakyapuri, New Delhi, with CCTV and restricted access. Security is monitored 24/7 through CERT-In’s TSAP and Madhu-Sanjal projects, including honeypot sensors to track attacker behaviour.
Administrative Measures and Fraud Prevention
Rigorous revalidation of user accounts has been conducted, leading to the deactivation of 3.03 crore suspicious IDs. Over 376 complaints related to 3.99 lakh suspicious bookings were lodged on the National Cyber Crime Portal, and 12,819 suspicious email domains were blocked in 2025. Continuous monitoring ensures smooth booking for genuine passengers.
Malicious Bot Requests Blocked
Data from the last six months highlights extensive cyber threats:
December 2025: 7.25 billion out of 14.28 billion requests were bots
November 2025: 14.03 billion out of 20.07 billion requests were bots
October 2025: 17.00 billion out of 24.04 billion requests were bots
September 2025: 12.05 billion out of 19.04 billion requests were bots
August 2025: 5.07 billion out of 11.04 billion requests were bots
July 2025: 5.03 billion out of 9.06 billion requests were bots
These Railways cyber security measures have ensured seamless and fair tatkal bookings while protecting the platform from cyber attacks and fraudulent activities.
