by tjko 4598 days ago
I'm actually worried about security here...

I don't know much about magnetic strip card technology, so I'm curious to know whether a malicious user could capture the signal and replay it.

2 comments

Yes, it can

It's still not clear to me how the card data goes to the POS equipment, is it NFC or something else?

Take something like the free Square magstripe-to-audio converter, record a swipe. Clean it up and/or amplify it, connect the Square reader as headphone output, and blast the recording as loud as necessary to induce the read in a nearby swipe reader. Security-wise, "the magnetic field will generally fall off as the cube of the distance from the magnet".

http://www.instructables.com/id/Read-any-magnetic-strip-card...

http://van.physics.illinois.edu/qa/listing.php?id=419

In the video they mention that they 'broadcast' it, I suspect that means they are actually pushing out a straight magnetic signal which seems to the reader that a card has been swiped.

I don't think it could be NFC, as most merchant readers wouldn't have NFC built in.

It also explains why they need the special case or dongle, it doesn't appear that it can work with just your phone alone.

It's a pretty innovative hack, but on the security issue, if your card is broadcasting its data, then I assume anybody can pick it up, but they would need to be REALLY close.

They mention in their video or Kickstarter site that you have to be within 4" of the mag reader.

That seems to be their secret sauce. It's not NFC as that would not be compatible with existing mag-stripe readers. It has to be some method of emitting magnetic fluctuation.

I'd assume NFC, but I really don't know.

I'm surprised they mention so many people tried and failed... this approach seems fairly intuitive.

This can already be done by anyone with a magstripe or RFID reader