Railways Deactivates 3.02 Crore Suspicious IDs; Aadhaar-OTP Expands to 322 Trains
New Delhi, 11 December 2025: The Ministry of Railways informed Lok Sabha that the Indian Railways reservation system is undergoing major security and performance upgrades, including the deactivation of over 3.02 crore suspicious user IDs and the phased rollout of Aadhaar-based OTP verification for Tatkal bookings.
Indian Railways stated that the reservation platform is equipped with industry-standard cybersecurity controls and multiple protective layers such as firewalls, intrusion prevention systems, application delivery controllers and web application firewalls. The system operates from a dedicated, access-controlled data centre certified under ISO 27001 standards and secured with CCTV surveillance and end-to-end encryption.
According to the ministry, several steps have been taken to curb misuse and improve fairness in Tatkal ticket booking. Aadhaar-based OTP verification for online Tatkal bookings has been introduced in phases and is operational in 322 trains as of 4 December 2025. Due to these measures, confirmed Tatkal ticket availability time has increased in about 65 percent of these trains.
Tatkal OTP verification at reservation counters has also been rolled out in phases and implemented in 211 trains. As a result of these and other measures, confirmed Tatkal ticket availability time has increased in about 95 percent of 96 popular trains.
Indian Railways has deployed anti-bot solutions such as Akamai to filter non-genuine users and ensure smoother booking for legitimate passengers. Complaints have been filed on the National Cyber Crime Portal related to suspiciously booked PNRs.
To strengthen cybersecurity, RailTel Corporation of India Ltd. provides cyber threat intelligence services including threat monitoring, deep and dark web surveillance, digital risk protection and take-down services. Regular security audits of the reservation system are conducted by CERT-In empanelled agencies. CERT-In and the National Critical Information Infrastructure Protection Centre continuously monitor internet traffic related to the ticketing system to detect and prevent cyberattacks.
The ministry added that requests and suggestions from public representatives, rail users and organisations are received on an ongoing basis at various levels. These are examined, and action is taken as feasible.
