As touts keep pace with tech, Railways seeks smarter ways to curb them. On-boarding a CCISO (Certified Chief Information Security Officer) is vital for critical IS Governance, security risk management, controls, and audit, leave alone the vulnerability program management and operations practice in a strategic manner.
NEW DELHI: As online train ticket booking increases, the Railways is facing a new challenge – eTouts.
eTouts use virtual tools to buy tickets before genuine passengers do. Touts book mass tickets – not for private use – but for business, shrinking the number of tickets genuine passengers have access to. Later they sell these tickets at a premium, making an illegal profit.
This has led the Indian Railways Catering and Tourism Corporation (IRCTC) to explore smarter ways to nab such tech savvy eTouts. The options explored include blocking shady IP addresses from foreign locales for a few minutes at peak traffic on its website and design software that can enable it to identify and block e-touting attempts real-time on a continuous basis.
Besides, the Railway Police has called for an update in the law to formally include e-touting in its policy lexicon.
“Every morning, as the ticket booking starts, the first 30 minutes are meant for private use only. This means both at railway counters where tickets are booked physically and through online windows, passengers can book a maximum of 10 tickets per month for private use,” said RP Pawar, RPF Zonal Training Centre, Central Railway.
Almost 60 per cent of reserved train tickets are sold online.
Railway agents share their IP addresses with IRCTC, which allows IRCTC to block ticket booking from those IP addresses. “But, agents often use private IP addresses, other than those shared with IRCTC for their clients,” Pawar told. “Our biggest worry in the reserved passenger bookings are people who are able to block others at the peak time. Some are able to create multiple identities, and have developed some software through which they are able to block others from accessing Passenger Reservation software. We are trying hard to get their footprints…But it’s a continuous process, as they keep changing the software. We need a solution from the cyber security experts,” said IRCTC’s CMD AK Manocha, who recently demitted office.
Manocha feels one option could be to block booking from foreign locations for five or 10 minutes during peak time when the booking per minute grows exponentially from 1,500-2,000 to 14,000-18,000.
Railways police officials have arrested eTouts in the past, but admit practical difficulties. They have sought updation in the Railway Act, which at present does not define eTouting separately.
“Earlier, as soon as the agents bought tickets during the time period when they were not supposed to, we could prove it as they had the booking slips. But now, we are not able to prove. So, we seize their computer, laptops, mobiles, whatever information is there. Subsequently we try to convince the court,” explained Pawar.
In his previous posting at Hubli, Pawar had seized computers, laptops, mobiles of eTouts to prove ‘unlawful possession’ in the Court. But unless, the Railway Act clearly spells out the course of action allowed to nab eTouts, Railway policemen feel they could be charged with misuse of law by courts.
During April-June 2017, 307 touts, 59,115 unauthorised vendors and 7 illegal ticketing agencies were prosecuted, according to Railways data shared in Parliament.
Pawar felt that a solution could be in linking Aadhaar, telephone number, bank accounts, all of which can be traced. Manocha echoed that the solution could lie in linking ticket booking to Aadhaar, or passport, or verifiable identities.