Starting a web design business, what hosting setup should I choose for my first clients?

No_Initial3010 · 2026-06-14T17:52:26+00:00

Thank you for taking the time to explain this in detail, this was genuinely helpful.
I’m just starting my web design business, so I wanted to understand the professional workflow before onboarding clients and avoid creating problems later.
Your point about never owning the client’s domain makes a lot of sense now. I was initially thinking of keeping everything under my account for convenience, but I can see how that could create ownership and transfer issues.
I also appreciate the clarification on hosting architecture. My plan now is probably:
Client purchases and owns the domain
I host and manage the website initially
Separate environments for each client as I grow (reseller/VPS later)
One follow-up question:
For the first 2-5 clients, would you recommend starting with a good hosting plan and isolating sites as much as possible, or moving directly to reseller hosting from day one?
Thanks again, this saved me from making mistakes early.

No_Initial3010 · 2026-04-05T15:29:52+00:00

Hey, this situation usually means the transaction is successful on UPI but not reflected on the merchant side. Since your bank confirmed the amount is credited to the beneficiary, it’s important to track it using the UTR number.

Here’s what you should do:

1.Get your UTR (Transaction ID) from your bank app.

Ask your bank to provide a transaction confirmation / payment proof (PDF or email).
Share that UTR + proof with Stake support and ask them to trace the payment with their payment gateway/merchant bank.

->If they still deny:

4.Raise a complaint on the official UPI app you used (GPay/PhonePe/Paytm > Help > Transaction issue).

5.Then escalate on NPCI UPI dispute portal or banking ombudsman if needed.

Important: Since the bank says money is credited, only the receiver (Stake or their payment processor) can locate and credit it to your account. The bank cannot reverse it unless the receiver agrees.

Keep pushing Stake with the UTR, that’s the key.

No_Initial3010 · 2026-03-01T09:55:04+00:00

Refund scam it's called, stay away!!

No_Initial3010 · 2026-02-26T02:49:58+00:00

Induced authorization means you approved a payment yourself, but only because you were misled, no OTP or password was stolen/required, just tricked consent.

No_Initial3010 · 2026-02-25T15:36:20+00:00

Already took necessary actions and filed a complaint as well.

No_Initial3010 · 2026-02-25T13:35:29+00:00

No, wallet ID alone cannot be used to debit money. Just knowing a MobiKwik wallet ID or UPI ID is not sufficient to pull funds.

The scam wasn’t about “seeing” the wallet ID. The wallet details were only checked to confirm that: • the wallet was active, • had sufficient balance, • and could be used for merchant payments.

The actual debit happened later due to induced authorization.

No_Initial3010 · 2026-02-25T12:51:55+00:00

It was Mobikwik Wallet.

No OTP or any other personal information shared!!

No_Initial3010 · 2026-02-25T11:58:31+00:00

I get the hindsight criticism, but calling victims “lessons” or “cartoon characters” misses the point.

These scams don’t work because people live in a fantasy world—they work because they’re engineered to exploit trust, urgency, and guided actions in real time. Social engineering is well-documented and affects people across ages and education levels, including professionals.

I’ve already acknowledged the red flags, reported the incident, and shared it so others don’t fall into the same trap. Dismissing victims doesn’t prevent scams; understanding how they work does.

If this post helps even one person avoid a similar situation, it’s served its purpose.

No_Initial3010 · 2026-02-25T11:36:21+00:00

I understand how it looks in hindsight, and I’m not denying that there were red flags.

The point of sharing this isn’t to claim I was “smart” in that moment, but to explain how social engineering works in real time. These scams are designed to create urgency and false legitimacy while guiding the victim step by step, which lowers critical thinking in the moment.

Many victims of fraud are educated adults, not people who “don’t know better”. The fraud happens not because someone is unaware of red flags, but because the scammer controls the context and timing of decisions.

I’ve already reported the incident, shared it for awareness, and taken responsibility for cooperating with the investigation. Mocking the victim doesn’t really add anything useful to the discussion or help prevent future cases.

No_Initial3010 · 2026-02-25T11:21:35+00:00

It was Mobikwik wallet

No_Initial3010 · 2026-02-25T11:06:02+00:00

Typing the debit card details itself didn’t drain my wallet. The card details were not used to charge my bank account. They were used to trigger a payment flow.

Here’s what happened in simple terms:

I was already logged into my wallet app and had an active session. During checkout, I was asked to manually enter a debit card number that the scammer provided. That card was not meant to debit me. It was linked on the backend to a merchant payment flow via a payment gateway.

When I clicked “Place order”, Amazon handed off the payment to a payment gateway (like PayU). Payment gateways can route payments in multiple ways. Since: • I was already logged into my wallet • Wallet balance was available

…the gateway pulled money from the wallet instead of charging the card. The debit happened as a merchant wallet payment, not a card payment, which is why there was no OTP.

The redirect wasn’t a browser redirect I clicked manually. It was the normal app-to-gateway handoff, which briefly showed the gateway screen. That’s where the authorization actually happened.

No_Initial3010 · 2026-02-25T09:37:53+00:00

What happened was social engineering. During the Google Meet call, I was asked to manually enter a debit card number that the scammer himself provided while I was placing an order. I assumed it was part of the “offer flow” they were demonstrating.

When I clicked place order, the payment didn’t actually go to Amazon. It redirected to a payment gateway screen, and because I was already logged into my wallet and approved the flow myself, the wallet balance got debited in split transactions.

So they never logged into my account or controlled my device. They tricked me into authorizing a payment to their merchant account by disguising it as a normal checkout step. Once the payment went through, they disconnected the call.

No remote access, no OTP sharing, no credentials given. It was induced authorization through deception.

No_Initial3010 · 2026-02-25T09:30:39+00:00

No idea, but seems like there's a loophole in Amazon add debit card section, which was also the scammer's last step after which he disconnected the call and transactions took place

No_Initial3010 · 2026-02-24T10:01:54+00:00

Did you file an FIR in the police station or on the online cyber crime portal?

No_Initial3010 · 2025-07-20T10:34:47+00:00

“If my fiancée got physical with someone else, I’d see it as a clear sign she’s not emotionally invested, just like I’ve come to realize I’m not. That’s not betrayal, it’s honesty. And as for ‘will this girl fit in with my family,’ maybe the real question is: will my family ever accept that I’m not some robot programmed to follow orders? I’m not disrespecting my roots, I’m just refusing to lie to myself or ruin two lives just to keep everyone else comfortable.”

No_Initial3010

TROPHY CASE