Encryption alone doesn't prevent replay attacks, you need something more advanced; for example controller generates a nonce, reader hashes secret + nonce, controller compares to expected value.
An attacker who can intercept and replay the comms between the keypad and the controller, can probably also intercept and replay the signals from the physical buttons into the keypad's microchip. Or perhaps more likely, point a hidden camera at the keypad.
I was thinking the same thing. Encryption still wouldn't prevent the replay attack, just the ability to determine the card's number and flash it onto a new card.
