FYI: My payment gateway (Authorize.Net AIM) was approving cards with invalid expiration dates and CVV/CID codes. I discovered two wrongly defined fields in the "advanced parameters" section of the ViArt payment system. Add/change them if you need them...
 
x_exp_date = {cc_expiry_month}{cc_expiry_year}
 
x_card_code = cc_security_code

WTF?! Our security code was missing!
 
What was the problem with the expiration date? This appears to be fine for us.
 
thanks!

The system was ignoring Exp Dates as long as they were >today. Once the field was added this resolved itself. It was a shock to discover the missing fields, but you have to expect to double/triple check everything in a complex system like this. Don't assume all the canned information is correct, like I did!