End of Tatkal ticket scam: Railways blocks bots and three crore fraudulent IDs

KOCHI: In a move to combat fraudulent activities, Indian Railways has significantly bolstered the security of its IRCTC portal following the implementation of Aadhaar-based OTP authentication for Tatkal ticket bookings. Between July and December 2025, the Railways identified and removed over 3.03 crore fraudulent user IDs and blocked 12,819 suspicious email domains. These measures were prompted by the persistent misuse of the portal by unauthorised agents and hackers.

Historically, Tatkal tickets were often exhausted instantly, with unauthorised entities utilising illegal software and "bots" to automate form-filling and mass-book tickets, which were then resold at a premium.

To mitigate this, Aadhaar registration became mandatory for all Tatkal bookings starting July 1, 2025. Between July and December 2025, the portal recorded 9,753 crore hits, of which 6,265 crore were flagged as suspicious and denied access. The Ministry of Railways reported these figures in Parliament as evidence of the system's effectiveness in preventing illicit automated access.

Security Architecture

To verify genuine applicants and filter out malicious traffic, the system now incorporates:

• Aadhaar OTP & Enhanced CAPTCHA: Standardising user identity.
• AKAMAI Anti-Bot Systems: Real-time threat intelligence.
• Madhu Sanjal Honeybot Sensors: A specialised trapping mechanism designed to identify and isolate automated scripts.
• Network Firewall & Content Delivery Networks (CDN): Optimised for load management and perimeter security.

Data: Traffic and Denied Access (July – Dec 2025)

Month Total Requests (Crores) Denied/Suspicious (Crores)

July 906 725

August 1,104 507

September 1,904 1,205

October 2,404 1,700

November 2,007 1,403

December 1,428 725