Lakhs of passengers who log onto the Indian Railway Catering and Tourism Corporation (IRCTC) every day to reserve train tickets have something to cheer about. The IRCTC has decided to ramp up its e-ticketing operations by hiring the services of Standardisation Testing and Quality Certification (STQC) to conduct a security audit of its Next Generation E-Ticketing System (NGET). The STQC is an entity attached to the union government’s Department of Electronics and Information Technology.”Security audit will help IRCTC to ensure that security vulnerabilities, if any, have been detected and addressed in its e-ticketing system and the web application and IT Infrastructure devices are free from any glitches,” said Sandip Dutta, manager, public relations, IRCTC. The NGET, officials claimed, is a revamped interface of the website with user-friendly features like fast log-in and better ticket booking environment.<!– Dna_Article_Middle_300x250_BTF –>The plan for a security audit, railway officials said, is the need of the hour. dna has run a series of articles on a touting racket — possibly the biggest in the country — where people using ‘speed software’ to corner tickets on the IRCTC website. The scam, which came to light after several arrests in September last year had shown the extent to which the arrested accused were toying with the IRCTC website to corner tickets. Railways retrieved 4,782 tickets worth over Rs2 crore as part of the touting scam.Investigations by Central Railway’s commercial department and the Railway Protection Force (RPF) into the scam, which broke last September, showed that touts were using the software to circumvent IRCTC’s ‘captcha’ (acronym for Completely Automated Public Turing Test to Tell Computers and Humans Apart), a process used in computing to determine whether the user is human or not. They even knew the intervals after which the IRCTC system accepted a ticket request.”This made the IRCTC’s system strengthening immaterial for these touts. This allowed these touts to theoretically fill in up to 128 tickets per minute from a single computer. Using a high-speed data connection and ten computers, these touts built up a capacity of generating ten times that number in a single minute. It is mind-blogging the way the subversion of the system was being carried out,” said a senior railway official.IRCTC has around three crore registered users and the number is increasing by more than 15,000 new registrations a day.Aadhaar soon?In a press statement, IRCTC said that it was planning to make Aadhaar card mandatory for its user registration process for e-ticketing. This will ensure that users registering on the IRCTC website are properly identified for their identity and address through the Aadhaar card number verification, the statement said.Currently, the new user registration on the IRCTC’s internet ticketing site is done through verification of the customer’s phone number and email id by sending an OTP (one time password).


IRCTC hires service for security audit on train ticketing system