I'm making a updateCustomerPaymentProfileRequest API call (CIM product) with validationMode set to liveMode. I don't believe AuthNet is performing the $0.01 ($0.00 in the case of Visa) auth because even with an incorrect CCV number, the payment profile is always updateable. Please advise.
I'm assuming you're running this on a production account and not sandbox. Do you have card code validation turned on in your control panel? If you don't, the card would probably go through even if the CCV is incorrect. Also, is the card you're testing with AmEx?
Production account, yes.
CCV turned on in the control panel, yes, if you mean:
Fraud Detection Suite > Enhanced Card Code Verification (CCV) Handling Filter is set to "enabled" and if "card code value does NOT match" is set to "decline".
When creating a payment profile, bad CCVs don't get through. But they do when updating payment profiles.