Thanks everyone!

The BA website first asked me for the card details, I entered them including the wrong CVV, whereupon it passed to Amex Safekey card verification in the usual way.

Amex Safekey then sent a one-time code to my phone which in retrospect surprised me - why did they do this if they had received an incorrect CVV? although my BA purchases don't normally trigger this level of security anyway - and when I typed it into the browser window, the Amex app on my iPhone immediately signalled that a (pending) payment was made.

Only then did the BA website display the error message telling me my CVV was wrong and that I should reenter the card details or try a different card.

Anyway, I'm evidently not the only one to have experienced this.