The card itself just had an ID number that identifies itself. When you swipe your card in the lock the lock asks a central database, “Hey, card number 001 just asked to come in. Is it allowed?” Then the database tells the lock yes or no. To change the card you can just allow a new one to that lock and disable the old one. If the card is lost completely you can just tell the system to ignore it from now on and it will never allow it access again. Since every card had a unique identifier, much more complex than my 001 example you will never run out of potential card IDs and cards could arguably be used on multiple independent systems without conflict.

Caveat: this is a typical product set up. Some products may vary or operate with a completely different system.