Maybe getting the card numbers (card, code, expiry) is just phase I of weakness with limited applicability for in-person transactions. Nobody asks my address at the electronics shop when I have a $800 TV in my cart.
And perhaps they have other databases that allow them to correlate incomplete card numbers with names and addresses to create useful online transactions where they info can be asked.
IMHO, the only useful solution to this is two factor RSA-style authentication. Go ahead and know all the card info, but unless you can guess the random digits it would be worthless. Pity that fraud doesn't cost VISA and merchants can build most of their costs into product pricing.