Your cards are most likely not generic as this wouldn't make much sense - having two or more identical tags is a security issue in at least non-repudiation point of view.
All systems I came to conatct with used on-line system-side control mechanism, that is, the card was a mere tag with identity info (such as card no., employee ID or some other unique identificator) which was passed by the reader to some kind of control database.
Since almost every card interaction is bound to be backed by a database, it would be, and likely is possible to trace back user's activity by a simple SQL query, if not implemented in the system's UI directly.
In a paranoid scenario there could be hidden "checkpoints" throughout the premises which may be able to activate the RFID chip on a longer distance (up to even a few meters), tracking the card movement quite precisely. This is, however, more of an TLA*-grade security assumption. In most business scenarios there will only be visible locks, doors and gates that will require deliberate user's action (i.e. physically putting the card close to the reader) and these will be the only points able to track the card reliably.
*Three Letter Agency