In other words, in order read the character as a dot (i.e. If we did not escape the dot with a backslash (i.e. .) then the regex would search for any single character (excpet a new line character such as \n).
So this regex pattern is searching for a dot with any letter (lower-case or upper-case), any digit, or any underscore, plus or negative sign and this set of characters could occur zero or more times.
For a credit card number the real validation happens on the server side, but some preliminary pattern checking is done on the server end as well.
The check Email Regex checks the email and validates it against a regular expression (regex) pattern.
If the validation fails then the check Email Regex() function will return false to the check Whole Form() function.
The issue you're having is, you (mistakenly) believe that a valid email address requires a top-level-domain label (at least one "." character in the portion of the email address following the "@").
This is in fact not correct, either in the RFC or in the recomendations of the WHATWG or W3C (see https://whatwg.org/multipage/forms.html#valid-e-mail-address or details).