OK - Here is the fix. Thanks for picking that up. I reformatted a little to match up with the standard cc module. But the key was correct opening/closing of tags. Also - the test for CVV2 length was incorrect - so please note that change as well.

Code:
    function javascript_validation() {
      $js = '  if (payment_value == "' . $this->code . '") {' . "\n" .
            '    var cc_owner = document.checkout_payment.qbms_cc_owner.value;' . "\n" .
            '    var cc_number = document.checkout_payment.qbms_cc_number.value;' . "\n" .
            '    if (cc_owner == "" || cc_owner.length < ' . CC_OWNER_MIN_LENGTH . ') {' . "\n" .
            '      error_message = error_message + "' . MODULE_PAYMENT_QBMS_TEXT_JS_CC_OWNER . '";' . "\n" .
            '      error = 1;' . "\n" .
            '    }' . "\n" .
            '    if (cc_number == "" || cc_number.length < ' . CC_NUMBER_MIN_LENGTH . ') {' . "\n" .
            '      error_message = error_message + "' . MODULE_PAYMENT_QBMS_TEXT_JS_CC_NUMBER . '";' . "\n" .
            '      error = 1;' . "\n" .
            '    }' . "\n";
                 if (MODULE_PAYMENT_QBMS_VERIFY_WITH_CVV2 == 'True') {
     $js .= '    var cc_cvv2 = document.checkout_payment.qbms_cc_cvv2.value;' . "\n" .
            '    if (cc_cvv2 == "" || cc_cvv2.length < ' . 3 . ') {' . "\n" .
            '      error_message = error_message + "' . MODULE_PAYMENT_QBMS_TEXT_JS_CC_CVV2 . '";' . "\n" .
            '      error = 1;' . "\n" .
            '    }' . "\n";
           }
     $js .= '  }' . "\n";
      return $js;
    }