I wouldnt use the mfp command set since it’s very likely you’ve got a MFC this the mfp commands may produce false positives.
If taginfo and hf 14a info produce a 4 byte uid then I’d suggest it’s a 4 byte uid. Which is very odd as I’ve never seen a MFC with signature and 4B UID; I’ll double check some of my card to make sure.
Would you be able obtain a photo of the readers?
In particular, the ‘clock in/out’ reader and a door access reader.
You could be correct that one is performing some kind of signature check and the other isnt. Another possibility is that the clock in/out reader is writing a small amount of data to the genuine card which is checked at next clock in/out; like a form of CRC. I don’t think it’s this as we could easy check card dumps before the start of work day and end. Plus, the cloned card is less likely to work for the doors as it’s ‘outdated’ but those readers may not care for the CRC type data (may use UID only).