Recurly still supports hosted payment pages in which case the merchant doesn't need SSL.

As far as I know, Recurly and Stripe are the only two processors providing JavaScript libraries to tokenize credit card information such that merchants do not handle the credit card information that suscepts them to PCI compliance.

socialgold had a similar product before google acquired it.