
I wouldn't say this is much of a solution to the problem, though. There's no guarantee that anyone will attempt to use your canary card before they use your actual card. For one-time purchases, a better approach is to generate ephemeral cards that can only be used for a short amount of time, where it doesn't matter if the card gets leaked. And plenty of credit cards do offer this service.



Think about it at the population level: nobody is impervious to theft but it lowers the window for an attacker to quietly steal money considerably and forces them to slow down their activity trying to avoid canaries.

To use a physical security analogy, real world bank robbery is a fool’s game now because of many measures which do not perfectly prevent theft but effectively reduce the profits & odds of avoiding capture. If attackers can’t get enough money to be worth the risk & effort far fewer people are going to try even though it’s still possible.


I'd say this is still putting the burden on the wrong party, though. For this to serve as a useful deterrent in general, canaries need to be quite common. Rather than hoping that thousands of customers will choose to use a canary and monitor individually, any company that stores credit cards should instead contract with an outside auditor, whereby any time a user stores a real credit card in the system, the auditor generates a canary and stores that in the database as well. This way it happens transparently in the backend, without having to ask users to do it, and immediately turns any credential leak into a minefield where you have a 50% chance of getting only one card before a canary goes off.
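To make the two arguments above concrete (the population-level "it narrows the attacker's window" point and the "50% chance of getting only one card" claim for a 1:1 auditor-generated canary scheme), here is a small added model that is not part of the thread. It assumes the attacker draws cards from the leaked table uniformly at random without replacement and that any use of a canary is noticed immediately; the card counts are constructed inputs.

```python
from fractions import Fraction
from typing import Optional


def p_first_k_all_real(k: int, real: int, canaries: int) -> Fraction:
    """Probability that the first k cards an attacker tries (drawn uniformly
    without replacement from a leaked table) are all real, i.e. that no
    canary has fired after k attempts."""
    if k > real:
        return Fraction(0)          # cannot pick more real cards than exist
    total = real + canaries
    p = Fraction(1)
    for i in range(k):
        p *= Fraction(real - i, total - i)
    return p


def expected_real_before_first_canary(real: int, canaries: int) -> Fraction:
    """Expected number of real cards burned before the first canary fires.
    The canaries split a random ordering into canaries+1 gaps of real cards,
    so the first gap has real/(canaries+1) cards on average."""
    if canaries == 0:
        return Fraction(real)       # no canaries: attacker gets everything
    return Fraction(real, canaries + 1)


def attempts_until_detection(prob: float, real: int, canaries: int) -> Optional[int]:
    """Smallest number of attempts after which the leak has been detected with
    probability >= prob, or None if it can never be (no canaries)."""
    if canaries == 0:
        return None
    k = 1
    while 1 - p_first_k_all_real(k, real, canaries) < prob:
        k += 1
    return k


if __name__ == "__main__":
    real = 1000                      # constructed: stored real cards
    # constructed canary counts: none, 1 per 100 customers, the 1:1 auditor scheme
    for canaries in (0, 10, 1000):
        exp = expected_real_before_first_canary(real, canaries)
        k90 = attempts_until_detection(0.9, real, canaries)
        print(f"canaries={canaries:5d}  P(first card real)="
              f"{float(p_first_k_all_real(1, real, canaries)):.3f}  "
              f"E[real cards before detection]={float(exp):.1f}  "
              f"attempts for 90% detection={k90}")
```

With a 1:1 ratio the first draw is real with probability exactly 1/2 and the attacker expects to burn about one real card before a canary fires, which is the "minefield" the comment describes; with 1 canary per 100 cards the expected haul before detection is still roughly 90 cards, so the ratio is what sets the deterrent.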


I don’t think those options are mutually exclusive: merchants should definitely be doing it but note also that many of the scenarios are things where you might want to verify your personal data storage or deal with internal business security.



