in reply to OT: Third Party Credit Card Processors

I have experience of working with WorldPay's "Select Junior" account. That works well, and can be set up to be acceptably secure something like this: configure the WP account to invoke a callback CGI script on your own server on completion, and configure a password for it to supply; when invoked, check that a) you were invoked via https; b) the password has been supplied correctly; then c) look up the order reference supplied, d) check that the currency and amount tally with what you expected, and e) that the transaction was successful.

I recently started looking at the PayPal offerings, and it looks as if the mechanisms they provide are similar enough to offer the same degree of security for a similar amount of development effort.

I also looked at another option, the "Protx Form kit". Unfortunately I wasn't able to see a way to use this securely, and when I spoke to their developers they agreed with my analysis of the vulnerabilities, but did not offer any hope that they might be fixed. (The company also offers a "Server kit", but it's Windows only so I didn't evaluate it.)

Hugo
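
The callback checks a) to e) described in the post above, sketched as an added example that is not part of the original post and is not WorldPay's code. The form field names (`password`, `order_ref`, `currency`, `amount`, `status`), the `"success"` value, and the `HTTPS=on` environment convention are assumptions for illustration; substitute the names your processor and web server actually use.

```python
import hmac
from decimal import Decimal, InvalidOperation

# Constructed sample data: orders awaiting payment, keyed by order reference.
EXPECTED_ORDERS = {"ORD-1001": {"currency": "GBP", "amount": Decimal("24.99")}}
# Constructed secret; in practice load it from configuration, not source code.
CALLBACK_PASSWORD = "constructed-example-secret"


def verify_callback(environ, fields, orders=EXPECTED_ORDERS,
                    password=CALLBACK_PASSWORD):
    """Apply checks a) to e) in order and return (ok, reason).

    environ: the CGI environment of the callback request (a dict of strings).
    fields:  the parsed form fields the processor posted (hypothetical names).
    """
    # a) Invoked via https. Assumes the server sets HTTPS=on for TLS requests.
    if environ.get("HTTPS", "").lower() != "on":
        return False, "not https"

    # b) Shared password, compared in constant time to avoid a timing oracle.
    supplied = fields.get("password", "")
    if not hmac.compare_digest(supplied.encode(), password.encode()):
        return False, "bad password"

    # c) The order reference must be one we issued ourselves.
    order = orders.get(fields.get("order_ref", ""))
    if order is None:
        return False, "unknown order"

    # d) Currency and amount must match our own record, not the posted form.
    #    Decimal avoids float rounding and treats "24.990" as equal to "24.99".
    try:
        amount = Decimal(fields.get("amount", ""))
    except InvalidOperation:
        return False, "bad amount"
    if not amount.is_finite():
        return False, "bad amount"
    if fields.get("currency") != order["currency"] or amount != order["amount"]:
        return False, "amount mismatch"

    # e) Only now trust the reported outcome of the transaction.
    if fields.get("status") != "success":
        return False, "transaction not successful"
    return True, "ok"
```

The expected currency and amount come from the merchant's own order store, so a value altered in the customer's browser before reaching the processor is caught at step d).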
