As I understand it, serious smart cards have been explicitly designed and audited to resist power monitoring attacks. There are fancy consultants who specialize in this sort of thing, and I think the major players use their services.