Monday 24 March 2008

Other domain for the OOB confirmation

In my recent post about CSRF I suggested adding an extra "Approve" button to the form to act as an out-of-band confirmation mechanism. Now I'll try to improve that slightly.

First, we have a page with the original form. We also add an IFRAME, hidden for now, that is served from another domain. The trick is in what happens at the moment of form submission. After the "Submit" button is pressed, two things happen in sequence:

  1. The form data is submitted asynchronously and the form is hidden.
  2. The previously hidden IFRAME appears in place of the form, on top of the other content. This frame displays a confirmation warning and asks the user to click somewhere inside it. When the user clicks, the confirmation token is sent to the server and the transaction is committed.
To prevent the frame from being relayed to an adversary's site, I'd suggest a watermark logo in the background of the frame.
Also, I think that confirming the transaction after the data has been sent is the better order.
