"what's the point of the plastic card."
In the current system, post fingernail flick anyway, i have a feeling it's going to be money saving, ie all the id check will do is compare you to the card at the point of sale, making the central database pretty pointless.
If they are serious about security*, the card would contain part of a 2 part encryption key, and then use that key to encrypt your fingerprints/iris/face sent to the central database for comparison, rather than store it all locally. That would not only ensure that you matched the card, but that the card also matched your entry on the database, and that you matched your entry, as no-one elses card/key combination could decrypt the prints/iris, to compare them.
The only problem with that, is that the database would have to field requests non-stop from every reader, and would need to be permanantly online, which would be terribly expensive to run, at least several mp's annual expense claims, and you couldn't verify anyone if you were offline. Although it could always fall back on a card-stored copy of the prints if you were.
*i have not really read how it is supposed to work, this is just where i'd start from