I'm sure that more could in theory be done. I agree with your impression that they seem to use a very limited set of information at the moment. But speculating for a moment, there might be serious resource implications if an authorisation request from a merchant (which is presumably what triggers the fraud alerts) had to include information such as proposed delivery address.