These Are The Checks Put In Place To Prevent Misuse Of Tatkal Booking

From our friends at
Rakesh Dubbudu

February 8th, 2018 / 11:23 AM

Representational Image: Yahoo, Madhyamam

In December 2017, the CBI arrested 14 people including one CBI employee for misusing the Tatkal booking through an illicit software. Responding to a question in the Lok Sabha, the government listed down the additional checks put in place to prevent such misuse.   

The Central Bureau of Investigation (CBI) registered a case  on 25th  December 2017, against one Mr. Ajay Garg and 14 others for misusing the Tatkal booking system.  Mr. Garg was working as an Assistant Programmer in CBI. Now, the government in its response to a question in the Lok Sabha  has acknowledged that many websites were providing illegal software for Tatkal booking and that a request was sent to Ministry of Electronics and Information Technology (MEITY) to block such websites. The government also listed the various additional checks put in place to prevent misuse of the Tatkal booking.

The CBI case

The CBI in its FIR  mentioned that Mr. Garg worked with IRCTC earlier and had gained inside knowledge of the technical platform, its functioning and vulnerabilities. It goes onto state that he had developed an illicit software to dupe the Tatkal booking system and had distributed the software to various people across the country.

Tatkal Booking misuse_Screen Shot 2018-02-07 at 2

The software developed by Mr. Garg reduces the time taken to book a ticket by saving all the required details like IRCTC IDs, passenger names, payment methods, class of travel etc. These details are auto filled on the IRCTC portal as soon as the Tatkal booking starts. The software also provided for proxy IP addresses, bypassing CAPTCHA and bank OTP among other things.  The CBI FIR also mentions that one Mr. Anil Gupta who distributes the software on behalf of Mr. Garg transfers money to Mr. Garg through bitcoins, hawala etc.

IRCTC introduces further checks to prevent quick data entry

After this incident came to light, IRCTC had introduced the following additional checks to negate quick data entry, as per the response to a question in the Lok Sabha .

  • Form-filling Time Check:These checks are to ensure that the time taken in online filling of reservation form by a software is comparable to that of an individual filling the form manually.
    • Standard Form Filling time of passenger details in Passenger Detail Form is set at 25 seconds irrespective of number of passengers
    • Minimum time check of 10 seconds for users to carry out payments
  • Restriction on Number of Tickets:There are restrictions on number of tickets that can be booked during Tatkal from a single userid, IP address etc.
    • Only 2 Tatkal tickets can be booked for single user ID from 10am to 12pm
    • Maximum 6 tickets in a month can be booked by a user from one user ID and 12 tickets can be booked by a user in a month if Aadhaar is verified and one of the passengers is Aadhaar verified
    • Only 1 Tatkal ticket in single session is allowed (except for return journey)
    • Only 2 Tatkal tickets per IP address is allowed between 10am and 12pm
    • One user can have only one login session active at one point of time
    • Quick book functionality (single page for booking tickets) is not allowed between 8am and 12pm
    • Only 2 tickets of Opening Advance Reservation Period can be booked by a user between 8am and 10am
    • One user can do only one login at one point of time either from multiple windows of same browser or different browsers
    • Agents are not allowed to book tickets between 8am to 8.30am, 10am to 10.30am and 11am to 11.30am
    • Aadhaar Card is mandatory for Agents registration
  • Technical checks to prevent automation softwares have also been implemented as per information provided by the government. These include the following.
    • Minimum input time for CAPTCHA on Passenger Details Page and Payment Page is set to 5 seconds
    • CAPTCHA is provided at Login page, Passenger detail page and Payment page
    • Implementation of Dynamic Field name on Passenger page
    • One Time Password is mandatory for all Banks for Net Banking
    • QR Barcodes are being printed on Electronic Reservation Slip
    • Additional security question related to user personal information like user name, email, mobile number, check box etc. is asked randomly after passenger input page
  • Regular security audit by Standardization, Testing and Quality Certification (STQC) of MEITY.

As per the information shared by the government, exception reports are being generated for suspicious IDs, time check violation attempts and for bookings done in first second of opening of Tatkal booking period.  The government also mentioned that such user IDs are deactivated manually after analysis.

Share your thoughts..

Related Stories

Data Protection Bill

TLI Explains: Know About India’s Draft Data Privacy Bill Which Seeks To Prevent Misuse Of Personal Data

Airlines Liable To Compensate If Passengers With Confirmed Tickets Are Denied Boarding Due To Over-Booking: DGCA

CBI Official Sold Software To Agents That Let Them Book 800-1000 Tatkal Tickets At One Go; Arrested

Misuse Of Aadhaar Biometrics Data

First Known Misuse Of Aadhaar Biometrics Data Reported, Probe Initiated Against 3 Firms

Railway Minister Launches New IRCTC App To Promote Online Booking Of Tickets

Indian Railways Insurance

Indian Railways Provide Rs 10 Lakh Insurance At 92 Paise For Every Booking, Know About It

Latest on The Logical Indian


Statue Of Unity: Tribals Lock Engineer Office In Protest For Jobs And Rehabilitation Facilities


Udupi: Krishna Temple Bans ‘Ede Snana’, The Practice Of Rolling Over Food Offered To Deity


“They Have Turned Village Into Coal Dumping Yard” Jharkhand Villagers Accuse NTPC Of Forcibly Acquiring Land


After Six Years Of Imprisonment In Pakistan, Hamid Ansari Returns To India


Johnson & Johnson Knew About Presence Of Cancerous Asbestos In Their Baby Powder


Cabinet Approves Amendment To Make Aadhaar Optional For Banking, Phone Connections


Stories that deserve attention, delivered to your inbox!

Handpicked, newsworthy stories which deserve the attention of a rational generation.