How does Amazon bill me without the CVC / CVV / CVV2?
That code isn't necessary. This may cause more fraud and more chargebacks, but Amazon keeps those numbers low so that they can offer a faster shopping experience such as one-click.
The only thing necessary to make a purchase is the card number and, in all but rare cases, expiration date, whether in number form or magnetic. Most systems require more information (such as matching full name, bank phone number, physical billing address with zip code, et al) so that they can deal with fraud and/or chargebacks, and sometimes this is enforced by the issuing bank.
Amazon pays a slightly higher rate to accept your payment without the CVV, but the CVV is not strictly required to present a transaction - everybody uses CVV because they get a lower rate if it is present (less risk, less cost). Nobody who knows what they are doing will store your CVV - if the card networks suspect that you are storing CVV, you will have forensic auditors on your site REALLY fast.
Where is the procedure defined? As noted above, it's the bank that boards the merchant account and there is a wide range of flexibility depending mostly on the merchant's track record for many good transactions and very few chargebacks. You and I might not be able to process transactions without an exp date, but Amazon surely can if they want to...
The CVC (sometimes "CVV" or "CVV2") is supposed to indicate whether the card is present at the time of the transaction. Card companies require that it never be stored or recorded, but rather passed directly from the customer to the merchant gateway and then immediately forgotten. Therefore, any time you give that number to a merchant, they're supposed to use it immediately and then immediately forget it.
Since this number is theoretically never recorded in any database, having this number present at the time of the transaction should indicate with greater certainty that the card itself is truly present and therefore that the transaction is not fraudulent. As such, providing this number decreases the probability of the transaction being rejected.
Alternately, a transaction submitted without the CVC indicates that the transaction was submitted using previously stored credit card information, but the card was not itself present at the time of the transaction.
Some merchants ask you to provide this number when saving a card on file. What they should be doing with the verification code if they do so is requesting verification from the bank that the code does in fact match, but then they should not store the CVC code in their database. The purpose would be to ensure that you're not storing on file a stolen credit card--primarily for the merchant's safety.
If a merchant does in fact store this code and a card company finds out, it's big trouble and can result in some steep fines.