Popup Storefronts and Browser Security Features

Last modified October 2, 2018

This article applies to Contextual Commerce. (Looking for Classic Commerce documentation?)

If the website to which you add a Popup Storefront does not use a secure (https) protocol, most web browsers today will not display a lock icon. This may cause some customers to complain or even to abandon the purchase process without entering any payment information. Many customers have learned not to enter sensitive information online if their web browsers do not display a lock icon indicating a secure connection.

Here are examples of the lock icons used on Windows by Google Chrome and Mozilla Firefox, respectively:

Example of the lock icon on Google Chrome for Windows Example of the lock icon on Mozilla Firefox for Windows

Technically, information entered on a Popup Storefront is secure. When the Popup Storefront opens, customers are actually typing their information into a page on FastSpring's server, which uses a secure protocol (https); the Popup Storefront is merely opened in an iframe on your website. Because the containing page does not use https, the customers' browsers won't display the lock icon even though the data entered into the iframe is securely encrypted for transmission to FastSpring.

In addition, current versions of Google Chrome may display a message such as "Automatic credit card filling disabled because form does not use secure connection", which may also cause concern for customers.

If you experience significant customer complaints and / or cart abandonment due to these issues, two options are available:

  • Purchase a security certificate for your website from a trusted certifying authority, and switch to the https: protocol.
  • Consider switching to a Web Storefront, which is hosted entirely on FastSpring's servers and uses the https: protocol.