Upon receiving a new transaction a node must validate it: in particular, verify that none of the transaction's inputs have been previously spent. To carry out that check the node needs to access the block chain. Any user who does not trust his network neighbors, should keep a full local copy of the blockchain, so that any input can be verified.
As noted in Nakamoto's whitepaper, it is possible to verify bitcoin payments without running a full network node (simplified payment verification, SPV). A user only needs a copy of the block headers of the longest chain, which are available by querying network nodes until it is apparent that the longest chain has been obtained. Then, get the Merkle branch linking the transaction to its block. Linking the transaction to a place in the chain demonstrates that a network node has accepted it, and blocks added after it further establish the confirmation.
As such, the verification is reliable as long as honest nodes control the network, but is vulnerable if the network is overpowered by an attacker. While network nodes can verify transactions for themselves, the simplified method can be fooled by an attacker's fabricated transactions for as long as the attacker overpowers the network. To protect against this, alerts from network nodes detecting an invalid block prompt the user's software to download the full block and verify suspect transactions to confirm their inconsistency. Businesses that receive frequent payments generally run their own nodes for more independent security and quicker verification.