We were testing some live orders today, and believe we found an instance where a bad CVV was provided, but the payment completed successfully. We have not been able to reproduce this, but were hoping more details on the transaction could be provided to get a better idea of what happened. The payment ID is: rnBcEWxNxyxgs8it5UQgwsCla5MZY
Any info on this would be greatly appreciated. Thanks!
CVV or card validation value matching, is a factor that our fraud prevention models and banks consider when assessing risk. When fraud detection models analyze a payment, they take a number of factors into account to determine if the AVS/CVV code was either unintentionally mistyped or if it was a fraudulent transaction. If the data points to an unintentional mistype, approval of the payment may occur or it will be declined. 
Thanks for the response @Bryan-Square! We found that the transaction was ultimately declined by the bank, even though the “Make payment” call returned a status response of “COMPLETED”. You’re saying this is a normal occurrence? Would there be an indication in the square dashboard that the payment failed to finalize in this scenario? Thanks again!
@joel.h I show that the payment was refunded. Once a payment is approved and completed it can’t further be declined by the bank. This isn’t a normal occurrence however it can happen.