Why was a transaction marked "successful" in Recurly when it's flagged for fraud in Authorize.net?

Auth.net has its own built in fraud velocity system. If a merchant has this enabled, the transaction sends back as "successful" to Recurly, and is then put in a "pending/processing" status in Auth.net. If the transaction is finally declined in auth.net, it will still remain as successful in Recurly since we don't continue communicating with the gateway.

You do have the ability to turn off the feature in Authorize.net, so I recommend contacting their support team directly if you'd like to do that: https://www.authorize.net/support/