NEW DELHI: Train ticket bookings, particularly Tatkal or premium Tatkal category, may not be possible if users try online reservations through Virtual Private Server (VPS).
Following continuous monitoring undertaken to detect usage of illegal software for buying online tickets, the ministry has found that the majority of touts are using VPS for masking Internet Protocol (IP) addresses to book rail tickets, thus making it difficult to track their original locations. Therefore, the ministry of railways has suggested Indian Railway Catering and Tourism Corporation (IRCTC), rail ticket booking website owned by the ministry, and Centre for Railway Information Systems (CRIS) to block traffic coming through VPS’ especially from a particular web service, which pins Mumbai as default IP address location, to prevent touting activities.
The CRIS designs, develops, implements and maintains most of the important information systems of Indian Railways.
Besides blocking of foreign IP addresses, implementation of better algorithms to enforce Captchas (response test used to determine whether the user is human or not), disabling of copy and paste option on IRCTC’s webpage for stopping auto filling of one time password (OTP) and restricting time window to fill passengers’ details are other recommendations to upgrade the portal sent this earlier week.
The suggestion note forwarded to both agencies further said that responses to the security questions should not be predictable or answered by automation tools.
“Regular passengers/ agents don’t use VPS for booking. Hence blocking the traffic coming from VPS’s can restrict the most touting activities…Even developers are trying to integrate captcha solvers to automation softwares. Hence it is requested to implement better algorithms to enforce captchas for effective working,” reads the note.
The Computerisation & Information System (C&IS) division of the railways has also been sent these suggestions.
Ticket bookings by illegal agents or touts have been a major issue for long and the ministry keeps taking measures to prevent such activities, which lead to financial losses too. It had also deployed several checks to curtail them. The Railway Protection Force (RFP) regularly conducts a drive to look into the issue, said an official.
“Illegal Tatkal software developers have found ways to auto fill such OTPs by developing OTP reader applications which will read OTP in mobile communicates with softwares and extension installed in computers, enabling to submit OTPs expeditiously. Hence it is requested to restrict the copy and paste option in IRCTC website and android applications…by doing so all the automation activities on NGeT (New Generation E-Ticketing) websites can effectively be stopped,” the document says.