This is why few Adult companies have set up Verified by Visa or 3-D Secure (though as I noted elsewhere, 3-D Secure rarely actually works) for verifying cards before charging the transaction. This is why Adult companies in the UK started scrambling when they passed legislation requiring driver's license verification. This is why no prepaid adult content card -- and there have been numerous, including one promoted by Howard Stern -- has ever really caught on. Any extra step required to pay for a site increases the percentage of people that just click off to somewhere else. Luring those people to your site in the first place is expensive, involving all sorts of advertising and affiliate deals, so anything that reduces the conversion ratio is a deal breaker.
The form says "To subscribe, remit $25 to account 12345678, and paste the transaction ID into this field." The merchant could then verify that the transaction ID matched up with a payment he received and complete the sale.
With a standardized microformat for the payment data, this could probably all be detectable and streamlined into browser plugins or apps -- you'd just see a button that redirects you to log into your bank's site with the transfer details prewired.
I figure this has plenty of benefits:
* The only remotely sensitive data you pass to the merchant is a transaction ID. You'd probably be able to actually do the sale without SSL, but certainly without most of the PCI compliance hassle.
* The merchant can't use the info you provided to enable an unexpected second charge or subscription.
* The bank can choose to make their process for executing the push transactions as "easy" or as "secure" as they (or the users) want. The merchant doesn't have to know, care, or worse, spend money to retool their site to support changes.
In a way, PayPal's flow is sort of push-oriented, but it's ugly in a lot of ways.
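The merchant-side check described in the post above (match the pasted transaction ID against a payment actually received), as an added example that is not part of the original comment. The bank feed, transaction IDs, and class and function names are assumptions made for illustration; the sketch also redeems each ID only once, so an ID observed in transit cannot be reused by someone else.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Payment:
    txn_id: str
    to_account: str
    amount: Decimal

# Constructed sample: credits the bank reports to the merchant (hypothetical feed).
BANK_FEED = [
    Payment("TX-1001", "12345678", Decimal("25.00")),
    Payment("TX-1002", "12345678", Decimal("5.00")),
    Payment("TX-1003", "87654321", Decimal("25.00")),
]

class Merchant:
    def __init__(self, account, price, feed):
        self.account = account
        self.price = price
        self.received = {p.txn_id: p for p in feed}
        self.redeemed = {}  # txn_id -> subscriber who claimed it

    def redeem(self, txn_id, subscriber):
        """Complete a sale only for a real, sufficient, unclaimed payment."""
        txn_id = txn_id.strip().upper()  # normalise what the user pasted
        payment = self.received.get(txn_id)
        if payment is None:
            return "unknown-transaction"
        if payment.to_account != self.account:
            return "wrong-account"
        if payment.amount < self.price:
            return "underpaid"
        if txn_id in self.redeemed:  # replayed or shared transaction ID
            return "already-redeemed"
        self.redeemed[txn_id] = subscriber
        return "ok"

def demo():
    m = Merchant("12345678", Decimal("25.00"), BANK_FEED)
    return [
        m.redeem("tx-1001 ", "alice"),   # valid payment, first claim
        m.redeem("TX-1001", "mallory"),  # same ID presented again
        m.redeem("TX-1002", "bob"),      # paid less than the price
        m.redeem("TX-1003", "carol"),    # paid into another account
        m.redeem("TX-9999", "dave"),     # ID the bank never reported
    ]

if __name__ == "__main__":
    print(demo())
```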