If you can install an overlay between the keys and the actual circuit board, you can easily capture the pin, and launch a replay attack.
Well... can't the card be locked immediately after a purchase (say 30-90 s).
but then the smart card will need an internal power source, which will definitely not fit in a card.
If it does what stops anyone from hacking any VISA card in the world?
visa/mastercard is supposedly secure because POS terminals that can process EMV transactions have to be tamper evident (sealed with sticker), and can't have removable faceplates, which should remove the risk of physical keylogging attacks.
maximum rage
1. get yourself a bitcoin POS terminal
2. open it up, and place a circuit that monitors keypad input (remember, this is inside the unit, so 99.9% of the users won't notice)
3. get yourself an arduino and program it so it can do everything a normal POS terminal can do
4. hook the keylogging circuit to the arduino
5. close the entire unit, and make everything look legit
6. place it in your store
7. wait for a customer to buy something
8. the payment gets processed as usual, but now the merchant can charge the customer again, because the card is still inside, and the pin has been logged.