My understanding is that the NFC reader device then owns the private key, instead of the NFC device being read from (consumer credit card or phone). Is this correct and if so, isn’t this not very useful?

If the reader controlled the keys, what’s the benefit of the consumer to use this key, as it is not particularly private.