---
url: 'https://www.corbado.com/faq/redirect-based-passkeys-preference'
title: 'Why do payment providers prefer redirects over embeddings?'
description: 'Discover why some payment providers opt for redirect-based passkeys instead of embedded passkey authentication during checkout.'
lang: 'en'
keywords: 'Redirect-based passkeys, checkout UX, payment UX'
---

# Why do payment providers prefer redirects over embeddings?

## Why do some payment providers prefer a redirect flow over embedding passkey authentication directly in the checkout page?

Some [payment](https://www.corbado.com/passkeys-for-payment) providers prefer **redirect-based passkeys** instead
of embedding passkey authentication directly into the [merchant](https://www.corbado.com/glossary/merchant)’s
checkout page due to critical advantages related to browser compatibility, security, and
ease of implementation:

## Reasons for Preferring Redirect-Based Passkeys

### Browser Compatibility and Reliability

Redirect flows operate fully in the [payment](https://www.corbado.com/passkeys-for-payment) provider's domain,
bypassing [cross-origin](https://www.corbado.com/blog/iframe-passkeys-webauthn) restrictions. Unlike embedded
[iframe](https://www.corbado.com/blog/iframe-passkeys-webauthn) methods, redirects guarantee consistent support
across all major browsers—including Safari, which currently restricts
[passkey creation](https://www.corbado.com/blog/passkey-creation-best-practices) in
[cross-origin](https://www.corbado.com/blog/iframe-passkeys-webauthn) contexts.

### Simplified Technical Implementation

Redirect-based passkey implementations eliminate complex permission configurations and
reduce the likelihood of encountering compatibility issues or browser-specific bugs,
significantly decreasing development overhead.

### Enhanced Security and Compliance

Operating entirely within the [payment](https://www.corbado.com/passkeys-for-payment) provider’s secure domain
environment simplifies adherence to security standards such as
[PCI DSS](https://www.corbado.com/blog/pci-dss-4-0-authentication-passkeys) and [PSD2](https://www.corbado.com/blog/psd2-passkeys) SCA,
ensuring better protection against potential
[cross-origin](https://www.corbado.com/blog/iframe-passkeys-webauthn) [vulnerabilities](https://www.corbado.com/glossary/vulnerability).

## Impact on User Experience:

While redirect flows may slightly disrupt the seamless user experience by temporarily
taking users away from the [merchant's](https://www.corbado.com/glossary/merchant) site, careful UX design (such
as clearly communicating the redirect process and swiftly returning users after
authentication) can minimize friction.

## Best Practices for Implementing Redirect-Based Passkeys

- Clearly communicate to users that they'll briefly visit the provider's domain for secure
  authentication.
- Ensure rapid redirects back to the [merchant](https://www.corbado.com/glossary/merchant)’s page after
  authentication.
- Optimize UX elements to closely resemble a native, frictionless authentication
  experience.

By employing **redirect-based passkeys**, payment providers achieve broader compatibility,
enhanced security, and simplified integration, making it an attractive option despite
potential minor UX trade-offs.

## Read the full article