Yes, that's exactly right. I heard about this while it was still a Kickstarter-style project, and as soon as I realized that the "Loop" in the name was a reference to an induction loop, I immediately thought "well, I'll just build a larger loop, and hide that under the table the payment terminal is on, and wirelessly capture the raw track data from the card".
My second thought was "there's no way to be sure that a given customer is using the official app, or even the official hardware, so if even one bank legitimizes this, criminals are going to have a field day, because using a card-spoofing magnetic field generator will be 'normal'".
The best part is because it uses a magnetic field (instead of radio waves), there's (AFAIK) no feasible way to build a shield to limit the scope of that field. My understanding is that one could e.g. covertly install an induction loop around an entire building, and stand a reasonable chance of being able to capture all of the transactions sent via this system within that building.
The company behind it is super-sketchy, IMO. They alpha-tested the device by walking into random stores with a hidden camera and socially-engineered the salespeople into letting them "pay with [their] phone", AKA "use this total hack of a device to make a payment that could be completely unauthorized".
It's also not *guaranteed* to work. *Most* mag-stripe readers will apparently function even if no card is physically swiped, but some of them do require that a wheel be spun by the card physically swiping through the reader.
I'm beyond shocked that Visa got involved in this in a positive way (as opposed to shutting them down). The whole credit card payment model is based around salespeople being reasonably sure that the customer is paying with something that was genuinely issued by a bank. A LoopPay-style device completely circumvents that. There is no cryptographic protection as a countermeasure, like with EMV or NFC - the salespeople just have to take on faith that it's a legitimate account being used.
We already have two superior systems (NFC and EMV) being deployed. I'm completely baffled that LoopPay isn't being laughed out of business.