So I don't see how you can have a payment request signing key that's safer than an SSL key. As Jeremy notes, CAs will not issue you intermediate certificates. Perhaps if one existed that would do the necessary things for a reasonable price you could indeed give yourself an offline intermediate cert and then use that to sign one cert for SSL and another for payment request signing, but as far as anyone is aware no such CA exists.

Re-reading what I wrote, it's not really clear.

Even if possible, the intermediate cert setup still wouldn't work for most merchants but I didn't make that clear. It might work for EV certs. For most sites that are just DV there's nothing you can do because CA verification is just "do you control this domain name". So if your web server is compromised it's game over. They can issue themselves a new cert, and what's more, unless wallets are checking revocation lists you can't stop them signing as you until their certificate expires.

The process for getting an EV cert is harder and there, an offline restricted intermediate cert might make more sense because you could have a compromised SSL key whilst not having a compromised identity, but it's still not possible with todays CA policies.