Any serious company will have it boldly stated in their Terms of Service. Especially with the upcoming changes concerning GDPR one should clearly inform their customers about how sensitive information such as cardholder data are being processed, and the Privacy Policy is the right place to highlight that kind of information.

Moreover, look for banners on their website. One of the compliance check rules when onboarding a new merchant asks for clearly displaying the Visa and Mastercard logos, and a lot of payment providers offer their merchants an easy way to install banners with these logos plus a security mark, stating who processes those payments, very likely in a secure way.

If this doesn’t cut it, you can always try and make a test order, to see where you are being redirected after the checkout. This page usually helps you identify who is the payment processor, and here are some cues to spot:

company name and logo (again, important if the PSP is keen on highlighting security)
support email and phone number (where you can spot the domain name)
(sub)domain of the page (this can be however customised)
SSL certificate
looking under the bonnet (HTML source code can reveal a lot in this regard)