Here’s what I recommend.
PayPal offers the Custom AVS and CVV option as part of its Basic Fraud Tools. These tools allow you to determine how different transactions are processed based on the verification information returned from the card-issuing bank.
Steps to Activate Features:
Log in to your PayPal Business Account.
Find Account Settings, then locate Payment Preferences. Click on the Fraud Management Filters section.
Configure the AVS filter and CVV filter settings.
With these settings, you can direct PayPal to automatically flag transactions where the CVV does not match what the bank has on record.
Source : AVS and CVV Rules - Braintree SDK Docs
The cardholder must take an additional step of confirming their identity with the issuing bank under 3D Secure authentication. This step can mitigate fraud, especially unauthorized transactions.
To add 3D Secure to a PayPal integration:
Modify your Orders API call by adding the payment_source.card.attributes.verification.method field.
Set it to SCA_ALWAYS to make the 3D Secure requirement for all transactions.
This setup ensures that even if the CVV is incorrect, the transaction will not be completed without successful 3D Secure verification.