@Bulb said:
No. A MITM can intercept the message to payment operator, throw it to /dev/null and send a response pretending the payment was processed. And the system orders shipping the product because it believes the money were charged, but they were not.
Sure, it requires a MITM or DNS poisoning, but still, unnecessary weakness.
Or for the simpler minded, you could just make payment with an invalid/expired card which would be rejected by the payment processor, and since nothing checks the payment processors response, the site just assumes the order has been completed and marks it as paid.