Friday, June 29, 2012

Too much of trouble from Railway agents(tatkal fraud)--Govt takes action

Steps taken by IRCTC to improve working of website.

1.     Capacity constraints:

It may be mentioned that even though capacity has been substantially increased during last few years, the demand window has shrunk to first few minutes at the time of opening of Tatkal i.e. 8AM.  This results in skewed demand where the resources remain under strain at 8 AM and underutilized during rest of the day.
Action taken

Future Plans
1.     High capacity Database servers have been installed,
2.     Internet Bandwidth has been increased from 344 mbps to 450 mbps,
3.     All available resources, including applications servers for the agent booking are diverted for Tatkal and ARP tickets booking by individual users between 8-10 AM,
4.     E-ticketing software licenses have also been augmented for handling extra load between 8-10 AM.
5.     It is proposed to augment further the software and hardware to meet the ever-growing demand.
6.     Four mobile booking service providers are already available and Mobile booking on pilot project basis was also launched by IRCTC on 29.12.2011.
7.     Further, technical evaluation of different types of mobile based technology of all major service providers have been evaluated and process is on to integrate more mobile base service providers.
8.     Single session per user ID check has been implemented w.e.f. 26.5.2012.  With this step, a user on will be able to open his account for booking of e-tickets only ones.  Multiple sessions with single user ID cannot be opened thereby enabling maximum users to access website and reduce congestion at 8 AM.

·     New e-ticketing application is under development in coordination with CRIS. With this it will be able to more than double the existing capacity and address the capacity issues of online demand of tickets.  
2.     Security measures: 

Transactions on are secure and there are zero cases of fraudulent transactions.  The website has never been hacked inspite of repeated attacks.  Multiple checks at hardware, software and network levels have been implemented to ensure IT security.
Action taken

Future Plans
1.     Indian Computer Emergency Response System (CERT-in), Department of Information and Technology, Ministry of Communications and Information Technology, Government of India, who has professional competence in the area of proactive and preventive security measures, has been requested to assist IRCTC in further strengthening the security of website in preventing automated software.

2.     The Security audit, Process Audit and Functional audit of e-ticketing system has been conducted through STQC (Standardization, Testing and Quality Certification) Department of Information Technology (DIT), Government of India.

3.     STQC has been requested for functional audit of also.

4.     It is proposed to engage best IT security firm to help on the issue.

·     Latest IT security equipments viz., firewalls etc., are proposed to be procured as per the software specifications of the new e-ticketing applications being developed by CRIS.
3.     Agents cornering tickets :

As per Railway Board guidelines, Agents are not given access to e-ticketing between 8-10 AM. Registered Agents cannot book any type of tickets during 8-10 AM including Tatkal, new ARP opening as well as non ARP non Tatkal tickets. Several stringent measures have been taken to regulate registration, booking flow of tickets on website for individual users to ensure that agents do not misuse the facility and genuine individual passengers are able to get tickets.
Action Taken
1.     All payment initiated before 8AM are logged out to eliminate the possibility of scripting with data pre-filled prior 8 AM.
2.     Single user registration on one e-mail ID with email verification has implemented,
3.     Mobile validation of users and single user registration on one mobile number has been implemented w.e.f. 25.5.2011.
4.     Only two tickets can be booked per IP address between 8-10 AM w.e.f. 21.3.2012.  IP address check has helped in preventing multiple bookings from same office complex/internet café etc.  This also helps in facilitating bookings by genuine users and prevents bookings for commercial gains.
5.     Captcha has been put and strengthened for booking in the ‘Plan My Travel’ to check fraudulent booking through automation software.
(CAPTCHAs is a technology used in attempts to prevent automated software from performing actions which degrade the quality of service of a given system)

6.     Quick Book Option* is  removed between 08:00 to 09:00 AM since 01.3.2011.  The timings has further been extended from 08:00 to 10:00 AM w.e.f. 21.11.2011.

*Quick Book option is for users who are well acquainted with the IRCTC Ticket booking Procedure. It provides a mode of booking where in the registered user has an option to populate the form in a single page and proceed to make payments to book the tickets. It is for the user who is well aware of the fare and Route details of his travel.

7.     Cash Cards have been stopped between 08:00 to 09:00 AM since 26.2.2011.  The timings has further been extended from 08:00 AM to 10:00 AM since 21.11.2011.

It is planned to explore that machine ID (computer MAC ID) may also be captured and restriction on booking tickets will be imposed per machine ID accordingly.

UID and PAN no., integration of all individual users for booking Tatkal/ARP. 

Future plans
4.     IT Anti Fraud Team (ITAF):

An IT-Anti Fraud team was formed for cyber space surveillance and pro active analysis and coordination with Railways vigilance and RPF, cyber crime police and other investigating agency.  On the basis of ITAF efforts several measures have been taken for system improvements.
Action Taken
1.     For all customers who have booked tickets between 08.00 to 08.05 AM, telephonic enquiries are being made for cross checking validity of the booking and the travelling passenger.
2.     To prevent alterations in the contents of ERS generated for main site, the necessary technical changes to disable "Copy/selection/right click" on the ERS have been implemented w.e.f. 1/10/11.  
3.     Total 508571 multiple personal User Ids and 44162 IDs created by Agents have been deactivated since 28-Feb-11 till date.

4.     A penalty of Rs.2.5 crores has been recovered from Agents for various violations based on findings by ITAF, passenger complaints, vigilance reports, press/media report etc.

5.     The ITAF is a team comprising personnel from RPF, Ticket Checking Staff and IT Supervisors.

Legal and prosecution measure:

1.     CBI/ACB, Mumbai and CVI, CSTM Western Railway jointly raided agent premises on 30.10.2010.  In March, 2011 this was reported to IT Centre.   On the basis of information provided by ITAF, IRCTC, RPF/Mumbai registered case under section 143 Railway Act against “M/s Mujawar” agent of Done Cash and associated agent M/s Alka Tours & Travel sub agent of ITZ cash card.  Similar case was also registered against M/s Manju Travel, sub agent of ITZ on account of creation of personal user IDs.  All the agent IDs and associated personal user ID were deactivated and blacklisted and penalty was imposed upon the principal agent.
2.     FIR was lodged by IRCTC, West Zone,  with Cyber Crime Police in Mumbai on dated 12.5.2011 against Kalpesh Kirtilal Shah, Mumbai & on dated 13.5.2011 against S.K. Jain (Soft valley) for running software on IRCTC website for booking Tatkal tickets and ARP tickets between 08:00-09:00 AM..  Both  were arrested by Cyber Crime Police.

3.     Internet Ticketing Centre, IRCTC filed FIR on 22.5.2012 against Star Tour Travels at Shahjahanpur, UP on the basis of passenger complaints and TTEs report of ERS manipulation.
Other measures
1.     In its efforts to provide best service to e-tickets customers, IRCTC takes regular help from consultants and industry professionals. IRCTC has appointed Gartner as technology consultant and regular help is taken from Gartner on technology issues.
2.     Close coordination is maintained with CRIS regarding e-ticketing system performance.
3.     In its efforts to provide best service to e-tickets customers, IRCTC takes regular help from Industry professionals in the area of e-commerce, online payment systems, IT Security are also consulted from time to time to implement industry best practices in IRCTC e-ticketing system.
4.     IRCTC has recently inducted IT professionals at various levels. IRCTC now has strong in-house IT team which will help in professional working and reduced dependence on outside agencies.
5.     E-mail verification is complete.  44 lakh multiple user IDs deactivated so far since 30.11.2011.
6.     During Vigilance Awareness Week’ 2011 (2.11.2011 to 14.11.2011) about 1.25 Crore e-mails were sent among the Indian Railway passengers to generate awareness about e-ticketing procedure and rules. 

No comments:

Post a Comment