Tie it to some personal information difficult to trade away possibly. I would say SSN, but then you have an issue with potential unregistered people not being able to get the card in places like Cali. Unless each user gets assigned a specific number associated with their card and the card can only be replaced once a month should it be "lost". In the event the card is lost, the card is disabled and a new number assigned. Any requests for replacement cards within the month tied to a specific ID then gets investigated to determine whether fraud is occurring and whether a card should be reissued or denied for a specified period.