What happens if I don't collect any data other than CC# and Exp. Date?
Then you don't submit it. There are very few required pieces of information to successfully process a transaction. But business rules may dictate otherwise.
Why does the documentation hint at CCV checking, but not list x_card_num in the table? Is this not an important field?
It is not required to process a transaction. But it is handy for reducing fraud and may be required to keep their rates at a minimum. If the merchant doesn't care about fraud or their processing fees, this field is not useful or necessary to collect.
Without using AVS, would transactions be at a higher risk of being declined?
No.
Is there a definitive list of recommended fields or best practices?
This will vary by card type. But generally always send over the card number, expiration date, cvv, address, and amount. If you will be processing level three cards there are other required pieces of information but i cannot name those off of the top of my head.
Why are the base requirements so lenient? Aren't there drawbacks?
Omitting certain pieces of information can result in:
Higher fees - AVS and CVV are not required to process a transaction but are required to keep fraud incidences low. Not performing AVS and CVV results in a higher incidence of fraud and this is passed on to the merchant in the form of higher fees for those transactions.
Higher fraud - AVS and CVV both together and combined with other methods can greatly reduce fraud for a merchant. Not capturing that information significantly increases a merchant's chances of experiencing loss due to fraud.