Secure Iframe On Unsecure Page In A Different Domain

- 1 answer

Our company is looking into allowing third party sites to use our online checkout system.

A client has stated that they would like to be able to use a lightbox style popup to display the checkout. And they would like this to be available on every page of the site, therefore mostly unsecure pages. Our checkout system and the client site are obviously on different domains.

I'm guessing that I could use a secure iframe (using https) to display our checkout system.

Would this iframe actually be secure?

Is the a sensible thing to do? (my gut says no, as how can the user tell the page is secure)

Are there any better ways to achieve this same functionality?



Have you seen how other similar checkout systems work? For example the paypal checkout on ebay? They take you trough the checkout process "full screen" and back to the original site when the transaction is complete.