
I was surprised to find out today that condominium, garage etc. access cards can be duplicated and used without being registered with the reader system. Are these RFID cards? Does it mean that store-value cards for transportation can also be duplicated?!

My understanding was that each RFID card has a GUID that is "burned" into the card. When the card reader reads the card, it will match the unique GUID with the system records to make sure it is registered with the system before granting access. Is this not the case?

Jake
    If a reader can read the GUID, why can't it be duplicated? Have you done any research? This is a very popular and well-written topic. – schroeder Mar 04 '15 at 09:16
  • My thoughts: It can read, but it cannot be "burned" into the card, since the duplicated card would have its own GUID already. But if it can be duplicated, then why can't we duplicate store-value cards and even like the VISA Pay Wave? – Jake Mar 04 '15 at 09:18
    There are multiple RFID technologies out there. It can be simply id-providing, but also "smartcard" operations that include computations. – M'vy Mar 04 '15 at 09:33

1 Answer


Primitive RFID keys can generally be copied easily. (CloneMyKey.com says it can clone 90% of RFID tags.) In most cases it's just a chip that emits an ID, which can't be changed. But sometimes it can be reprogrammed - and sometimes you can order tags programmed with specific requested IDs. (See YouTube videos for RFID Cloning.)

The card itself doesn't have to be a card, it can be a device, which obviously won't have a burned-in ID, which can be used to replay RF transmissions to mimic the signals normally emitted by a legitimate card. They are just radio waves after all.

Some systems will use a simple ID check from the card to determine if the card has the right ID to allow access. Some systems (like NFC) do have protection from these replay attacks, with varying degrees of fallibility. The same technology is used in Oyster cards, on the London transport network for example, and there are numerous cases of this technology being hacked, with card skimming and replay attacks taking place and uploaded to YouTube - How to Clone an Oyster Card.

Credit/Debit card NFC payments involve two pieces of information being sent from the card to the reader. One request from the reader is to identify the type of card; next, the reader makes a request to the card that is specific to the type of card. This effectively unlocks the card, which then transmits the next piece of data, used to confirm the card is legitimate. The second request involves using a secret key that is proprietary information, known only to those associated with the card industry. The card itself has built-in defences to prevent brute force attacks to discover this key.

So yes, it is possible to clone some RFID cards (or tags), and it is possible to impersonate them with devices, but it depends on how a specific system is using these devices as to how vulnerable each system is to this style of attack.

Is NFC still a vulnerable technology?

StampyCode
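The distinction the answer draws between a reader that only matches a burned-in ID and one that challenges the card with a secret key, as an added simulation (not code from the answer's author or from any real card system): a static-UID reader accepts anything presenting the same bytes, while a challenge-response reader using HMAC-SHA256 rejects a recorded transcript played back later. The UID, key and protocol details are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values for the simulation; not real card data.
CARD_UID = bytes.fromhex("04a2b3c4d5e6f7")
CARD_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

def static_id_reader(presented_uid: bytes, registered: set) -> bool:
    """Weak design: access on a bare UID match, so any emitter of the same bytes passes."""
    return presented_uid in registered

class ChallengeResponseCard:
    """Holds a secret key it never transmits; answers a reader's challenge."""
    def __init__(self, uid: bytes, key: bytes):
        self.uid, self.key = uid, key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.key, self.uid + challenge, hashlib.sha256).digest()

class ChallengeResponseReader:
    """Issues a one-time random challenge and checks the card's HMAC."""
    def __init__(self, registry: dict):
        self.registry = registry  # uid -> shared secret key
        self.pending = set()      # challenges issued but not yet answered

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, uid: bytes, challenge: bytes, response: bytes) -> bool:
        key = self.registry.get(uid)
        if key is None or challenge not in self.pending:
            return False  # unknown card, or a stale/replayed challenge
        self.pending.discard(challenge)  # each challenge is valid exactly once
        expected = hmac.new(key, uid + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def run_demo() -> tuple:
    """Returns (clone_passes_static, genuine_passes_cr, replay_passes_cr)."""
    clone_ok = static_id_reader(CARD_UID, {CARD_UID})  # copied UID suffices
    reader = ChallengeResponseReader({CARD_UID: CARD_KEY})
    card = ChallengeResponseCard(CARD_UID, CARD_KEY)
    challenge = reader.issue_challenge()
    response = card.respond(challenge)  # an eavesdropper could record both
    genuine_ok = reader.verify(CARD_UID, challenge, response)
    replay_ok = reader.verify(CARD_UID, challenge, response)  # same transcript
    return clone_ok, genuine_ok, replay_ok
```

The static reader cannot tell a clone from the original; the challenge-response reader only ever accepts a response to a challenge it issued and has not yet seen answered.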