It’s probably a bit more complicated than that… a city that relies so much on tourism economically can’t just start banning one of the main ways tourists stay there.

Did you read the article? Unless someone had physical access to your (unlocked) phone and was able to pin an app, then tap it against specialized hardware (unlikely you could get a normal card terminal to run this exploit), it’s extremely unlikely that this is how your details got stolen.