Speaking as a former merchant, the billing address, security code, expiration date* aren't required to process a credit card transaction. They're tools the credit card companies give merchants to help prevent fraud (while simultaneously passing laws prohibiting merchants from requiring credit card users to show ID to prove it's actually their card**).
The way it works is that if you're a merchant and you accept a fraudulent/stolen card, the onus is on you to prove that to the best of your knowledge the transaction was legit. The main way this is done is by validating the signature on the receipt matches the signature the card company has on file. When you accept a card, you're supposed to check the signature on the back of the card to insure it matches the signature on the receipt. If the cardholder requests a chargeback and the signature doesn't match, it's instantly game over - the merchant loses and the card company grants the chargeback.
If it sorta matches or (for online purchases) there is no signature, then it falls onto these secondary security measures. The more data the merchant collected which correctly matches the info the card company has on file (security code, expiration date, billing address, phone number, cardholder's birthdate, I think that's all) the better the chances the merchant will win against a chargeback. So it's in the best interests of the merchant to collect as much info as possible to protect themsevles. But on the flip side if you try to collect too much info you make the transaction more annoying for the cardholder, and risk alienating them so they go make their purchase elsewhere. Or (for brick and mortar purchases) you slow down the checkout line forcing you to hire more cashiers and add more cash registers. So the merchant picks the amount of security they're comfortable with. I've always wondered what happens if someone sets up a fake merchant account, runs a bunch of fraudulent transactions without any security checks, then absconds with the money and closes the bank account once the credit card has wired the payments, before any of the cardholders can notice and request chargebacks.
There are some other ways to get fake credit card transaction to go through that I fell victim to about 10 years ago when I lost one of my cards. I promptly called to report the card lost/stolen and figured that was that. But reviewing my card statements, I noticed a fraudulent charge on the second statement after I'd gotten a new card with a new number. After some discussion with the card company, I learned that (1) as of 2007 they still allowed carbon copy credit card transactions. Older readers may recall the credit card machines used before phone and Internet credit card machines. They'd take your card, put it in the machine, put a carbon copy form on top of it, then run a roller over the card to imprint it onto the carbon copy paper. One copy became the customer's receipt, the other the merchants. The merchant would then mail these in for processing and to receive payment. Because of the time delay, the credit card companies would continue to process these even if they were received after the card had been canceled.
"But the date on the fraudulent transaction is after I reported my card lost/stolen. Why was it still processed?" I asked. (2) The thief had processed it as a subscription service. Apparently when people have a card stolen they frequently forget to update their magazine subscriptions with the new card info. The credit card companies got tired of getting into 3-way arguments about canceled subscriptions because the payment was denied due to the card being canceled. So if the transaction is coded as payment for a subscription, the card company will "helpfully" forward the charge to the new card even if the charge was processed using the account's old (stolen) card number.
* (I don't think expiration date is required, but this was a decade ago so I don't recall exactly.)
** (The card companies are also sensitive to not making credit card transactions much more annoying than cash, so they've managed to get laws passed prohibiting surcharges for credit card payments, and prohibiting requiring credit card users to show ID - the merchant can ask, but they cannot deny the transaction if the cardholder refuses.)