Yes, IPN is the way to go, and it's not all that difficult.
You have to read the IPN docs, but it works like this.
You go into payPal and enable IPN, enter the URL to the "listener" script described below. Whenever a payment is made, it sends a token to the listener script.
You create some script, let's call it a "listener" script. All it does is "listen" for a message sent from paypal. What payPal sends is a transaction id when a payment is complete. This is particularly cool if someone pays via eCheck, which can take up to three days to clear - three days later, the payment clears and the IPN token is sent to your listener script.
Within the listener script you have to post back to payPal using curl and append the token with "&cmd=_notify-validate." Note: this SHOULD be done over https, and there's a thread around here about non-https IPN functions failing, don't know if this is temporary or permanent.
Within your listener script, if the response is VERIFIED, you update your database.
This allows you to eliminate a lot of user error. In your scenario, the user is making a payment and you are "hoping" they click the link to "return to merchant." If they don't, the whole thing falls down.
With IPN, they enter all their info FIRST, and you add it to the database, but your database has, say, a "transaction_complete" field that is set to 0. Then they are sent on to make the payment.
If they don't use the "return to merchant" link, the IPN completes the process for them, and your listener script sets "transaction_complete" to 1, eliminating user error.