I agree. It takes the user out of their intended action (using your product) and puts them somewhere distracting (their email).

I've also seen it confuse users who aren't used to it.

It's great from a tech/security perspective but I wouldn't put it into my own product for those reasons. I definitely would not make it the only login mechanism.

You still have to build a business around it. Marketing/sales being the biggest effort.

That's technically how ads work in most places. You view ads instead of paying a fee. You see this in the context of free apps, free news articles, etc.

A virtual card is just as legitimate as a physical card. The numbers are just account ids basically. In my business, I setup virtual cards for many vendors.

Sounds like you're trying to detect fraud. There are fraud detection platforms particularly designed for checkout fraud. Instead of re-inventing the wheel with a theory you have, I would look into some of those solutions that are fairly robust taking into account many different factors and often data from across merchants.