It appears that they plan to do EMV in the future. This is rather scary, since you're trusting their hardware, and probably your phone, with the private key in your chip card.
As far as I know, EMV has no way for the user (or bank's employees, for that matter) to get that private key out of the chip card; if it was possible then the whole concept would be pretty much useless and allow easy cloning of those cards just like the old magstripes.
The system doesn't allow to "trust other hardware", the card itself has to sign every transaction.
