I would do that in two seperate steps.
Why not have all traffic for site.com, redirect to
www.site.com (better for search engine rankings). You're probably worried here since the SSL certificate is for
www.site.com, and not for site.com, but better to redirect all traffic I think.
Then in the payment page I would add the https check in the php as someone previously described. You can also do the https check just for that page with rewrite rules, I found this link which should be helpful:
http://www.whoopis.com/howtos/apache-rewrite.html
Cheers,
Mubs