Most companies are using RFID based single authentication. It actually is not hard to duplicate these cards unless you update your security very often. Unfortunately, today we are seeing most companies stick with their old card systems for logging employee hours and doors which is very easy to crack.
Watch this quick video from Andreas Spiess, one of our favorites youtubers with incredible knowledge and demonstrations.
This technology is actually very cheap and any kind of material can be purchased under $10 to achieve such disastrous results. Here is an example from aliexpress:
There are also reader and writers under $10.
Long story short, we recommend every client to make sure their card systems are encrypted, and use advanced authentication systems we see in newer cards. One way static cards are not enough. Please contact your security company to check your cards and make sure you update your systems before it is too late.