Your fears are mostly unwarranted. Even if they could get close enough to clone your card (and their are cryptographic safeguards that make this difficult) they would be able to do a limited number of transactions before it asked for the PIN (which can not be read directly from the card, so they should not know this).
Then, when you tried to use your legit card, the on-card transaction count would clash and the card and clones would be frozen. You, as the obvious owner of the card, would be free of all liabilty and due a refund (the bank would not kick up a fuss about this, it is in their interest to reduce friction in these low amount cases to drive technology adoption).
Then, when you tried to use your legit card, the on-card transaction count would clash and the card and clones would be frozen. You, as the obvious owner of the card, would be free of all liabilty and due a refund (the bank would not kick up a fuss about this, it is in their interest to reduce friction in these low amount cases to drive technology adoption).