---
url: 'https://www.corbado.com/faq/secure-payment-confirmation-apple-limitations'
title: 'How does Apple’s SPC limitation block passkey checkouts?'
description: 'Apple''s limited SPC support in Safari prevents unified, frictionless cross-browser passkey checkout experiences. Learn how this affects payments.'
lang: 'en'
keywords: 'Secure Payment Confirmation Apple, passkey checkout, Safari SPC limitations'
---

# How does Apple’s SPC limitation block passkey checkouts?

## How does Apple’s limited support for Secure Payment Confirmation (SPC) block a unified cross-browser passkey checkout?

Apple’s limited support for **Secure Payment Confirmation (SPC)** significantly impacts
the ability of [payment](https://www.corbado.com/passkeys-for-payment) providers to deliver a unified, seamless
passkey checkout experience across different browsers.
[SPC](https://www.corbado.com/blog/dynamic-linking-passkeys-spc), a web standard led by Google, is designed to
standardize how [payment](https://www.corbado.com/passkeys-for-payment) providers authenticate users across
multiple [merchant](https://www.corbado.com/glossary/merchant) sites, ensuring a frictionless and secure
[payment](https://www.corbado.com/passkeys-for-payment) process similar to native solutions like
[Apple Pay](https://www.corbado.com/blog/how-to-use-apple-pay).

## Key limitations caused by Apple's approach

### Cross-Origin Restrictions

Safari blocks [passkey creation](https://www.corbado.com/blog/passkey-creation-best-practices)
(`navigator.credentials.create()`) in [cross-origin](https://www.corbado.com/blog/iframe-passkeys-webauthn)
[iframes](https://www.corbado.com/blog/iframe-passkeys-webauthn). While authentication using existing passkeys is
permitted, the inability to create new passkeys within embedded third-party contexts
severely disrupts a smooth user experience during checkout.

### No SPC Adoption in Safari

Apple has not implemented [SPC](https://www.corbado.com/blog/dynamic-linking-passkeys-spc) in Safari, likely as a
strategic decision to keep [Apple Pay](https://www.corbado.com/blog/how-to-use-apple-pay) as the preferred
payment method within its ecosystem. Consequently, payment providers are forced into using
alternative, less unified methods such as redirects or relying on passkeys previously
established on their own domains.

### Impact on User Experience

Users experience increased friction as they're redirected away from
[merchants](https://www.corbado.com/glossary/merchant)’ websites or are required to undergo additional steps,
negatively affecting [conversion rates](https://www.corbado.com/blog/logins-impact-checkout-conversion) and
checkout fluidity.

## How payment providers manage this limitation

**Hybrid Approaches:**

- Providers often use [iframe](https://www.corbado.com/blog/iframe-passkeys-webauthn)-based methods for browsers
  supporting [SPC](https://www.corbado.com/blog/dynamic-linking-passkeys-spc) and redirects for Safari to ensure
  compatibility.
- Native apps rely on system browser sessions like **ASWebAuthenticationSession (iOS)** or
  **Chrome Custom Tabs (Android)** to bypass embedded [WebView](https://www.corbado.com/blog/native-app-passkeys)
  constraints.

By strategically addressing these barriers, payment providers can still offer robust
passkey authentication solutions, although the friction introduced by Apple's restrictions
remains a significant challenge to achieving a truly unified, cross-browser checkout
experience.

## Read the full article