
Unless the German team release absolutely everything, the basic analysis would have to be repeated by whoever wants to recreate the attack.

I am not even sure this counts as a "crack". If you use these cards in your canteen, how likely are you to go up against a team of people who spend months doing black-box analysis of the cards? If that isn't likely, it makes sense to save money. Like anything in engineering, these cards boil down to a cost/benefit analysis. Lots of hardware is vulnerable to this kind of ultra-intensive probing (e.g., the Xbox).

I think selling cards that aren't resistant to side-channel attacks like this is a perfectly reasonable decision. It only works if you've already spent months profiling the card's architecture, behavior and responses.

It takes about seven hours to crack the security on one card and get its 112-bit encryption key, the researchers said.
