How Wi-Fi positioning works

Everything you need to read a fraud.xxx response correctly — the physics, the fields, the accuracy, and the rules of the road.

Wi-Fi positioning 101

Every Wi-Fi access point continuously broadcasts a globally-unique hardware address — its BSSID. Access points rarely move. That makes the set of BSSIDs a device can hear a remarkably stable fingerprint of where that device physically is.

Mapping services (Apple, Google, Skyhook and others) have spent years observing which BSSIDs appear at which coordinates. fraud.xxx operates a large, US-focused observation graph of that relationship: given a BSSID we know roughly where it lives; given a coordinate we know which BSSIDs to expect nearby.

That unlocks two directions of inference:

  • Forward (verify): a device reports the BSSIDs it currently sees → we return where that points, and whether it matches a claimed location.
  • Reverse (locate): you give a coordinate or ZIP → we return the access points expected around it.

BSSID & OUI

A BSSID looks like aa:bb:cc:dd:ee:ff — six bytes. The first three (the OUI, Organizationally Unique Identifier) are assigned by the IEEE to a manufacturer, so they reveal the vendor (Cisco, Ubiquiti, eero, a phone hotspot chipset, …). fraud.xxx resolves the OUI to a vendor and a device_class, and flags addresses whose OUI bit marks them locally administered — the hallmark of a randomized or virtual MAC.
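The bit test behind that flag, as an added example (not fraud.xxx's code): bit 0x02 of the first byte marks a locally administered address and bit 0x01 marks a group (multicast) address. The function names and the sample list are assumptions made for illustration.

```python
import re

_TWELVE_HEX = re.compile(r"^[0-9a-f]{12}$")

def normalise_bssid(raw: str) -> str:
    """Return the address as lower-case, colon-separated bytes, or raise ValueError."""
    digits = re.sub(r"[:\-.\s]", "", raw.strip().lower())
    if not _TWELVE_HEX.match(digits):
        raise ValueError(f"not a 48-bit hardware address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def classify_bssid(raw: str) -> dict:
    bssid = normalise_bssid(raw)
    first_byte = int(bssid[:2], 16)
    return {
        "bssid": bssid,
        "oui": bssid[:8],  # first three bytes
        # Universal/local bit: set means the address was not assigned from an IEEE OUI.
        "locally_administered": bool(first_byte & 0x02),
        # Individual/group bit: a genuine AP BSSID is a unicast address.
        "multicast": bool(first_byte & 0x01),
    }

def usable_anchors(observed):
    """Keep well-formed, globally administered unicast BSSIDs, de-duplicated in order."""
    kept = []
    for raw in observed:
        try:
            info = classify_bssid(raw)
        except ValueError:
            continue  # malformed input is dropped, not guessed at
        if info["locally_administered"] or info["multicast"]:
            continue
        if info["bssid"] not in kept:
            kept.append(info["bssid"])
    return kept

# Constructed sample input: mixed separators, a duplicate and a malformed entry.
SAMPLE = ["AA-BB-CC-DD-EE-FF", "12:34:56:78:9a:bc",
          "00:11:22:33:44:55", "0011.2233.4455", "not-a-mac"]

if __name__ == "__main__":
    print(usable_anchors(SAMPLE))
```

Both placeholder addresses used in the Quickstart (aa:bb:cc:dd:ee:ff and 12:34:56:78:9a:bc) have the local bit set, so they classify as locally administered.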

hacc, vacc & altitude

Each stored access point carries the positioning system's own error estimates:

  • hacc_m — horizontal accuracy in metres. The radius of the circle the AP is believed to sit within. Smaller is better; single-digit values are common in dense areas.
  • vacc_m — vertical accuracy in metres, when an altitude solution exists.
  • alt_m — estimated altitude. Useful to separate floors in tall buildings; pair it with the altitude filter on /v1/aps/nearby.

Treat hacc_m as the per-point confidence. A verify result aggregates many points, so its spread_m (how far the matched points scatter) is the better signal of overall certainty.

Randomized MACs & twins

Phones and some APs rotate their MAC address for privacy. These randomized MACs are marked is_random: true — they are poor location anchors and should be discounted. fraud.xxx also detects twins: the same BSSID observed at two distinct locations (a device that physically moved, or address reuse). When present, the twin object reports the second location and how far it sits from the primary, so you can decide whether the anchor is trustworthy.

ZIP vs coordinate precision

You can query by exact lat/lon or by zip. They are not the same thing, and fraud.xxx never pretends they are:

precision.mode   est_accuracy_m   Meaning
coordinate       5–30             Address-level. Safe for verification.
zip_centroid     2,000–10,000     The geometric centre of a ZIP. Coarse enrichment only — never proof.

Every response includes a precision object. If you make risk decisions, branch on precision.mode — a zip_centroid answer must never be treated as a fix.

Confidence & freshness

Access points move, get replaced, or vanish. A point last seen two years ago is weaker evidence than one seen last week. fraud.xxx exposes this directly:

  • first_seen / last_seen — observation window for the point.
  • confidence (on verify) — 0…1, combining how many submitted BSSIDs matched and how tightly they cluster.
  • spread_m — the geographic scatter of matched points; low spread = high certainty.

Rule of thumb: confidence > 0.7 with spread < 100 m is a strong on-site match. Anything ZIP-derived is contextual, not conclusive.

Response field glossary

Fields returned by /v1/aps/nearby, /v1/aps/lookup and /v1/aps/{bssid}.

Field                            Type       Description
bssid                            string     Normalised AP hardware address.
lat, lon                         float      Estimated AP location (WGS-84).
hacc_m / vacc_m                  int        Horizontal / vertical accuracy, metres.
alt_m                            int        Estimated altitude, metres.
distance_m                       float      Distance from the query point (nearby queries).
vendor                           string     Manufacturer resolved from the OUI.
device_class                     string     Inferred hardware type (router, AP, hotspot…).
is_random                        bool       Locally-administered / randomized address.
twin                             object     Second observed location for this BSSID, if any.
first_seen / last_seen           datetime   Observation window — your freshness signal.
zip_code / zip_city / zip_state  string     Reverse-geocoded ZIP context.
phone_area_codes                 string[]   Area codes covering the location.

Quickstart

Authenticate with X-API-Key (or Authorization: Bearer). Base URL https://api.fraud.xxx.

# Verify observed BSSIDs
curl -s https://api.fraud.xxx/v1/verify \
  -H "X-API-Key: $FRAUDXXX_KEY" \
  -H "Content-Type: application/json" \
  -d '{"bssids":["aa:bb:cc:dd:ee:ff","12:34:56:78:9a:bc"]}'

# Reverse lookup by ZIP (coarse) or coordinate (precise)
curl -s "https://api.fraud.xxx/v1/aps/nearby?zip=10003&limit=25" \
  -H "X-API-Key: $FRAUDXXX_KEY"

Recipe: a login anti-spoof check

Collect the BSSIDs the client sees (mobile SDK / browser permission), then gate the session:

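# Assumed to exist in your application: `fraud` (an HTTP client bound to the base URL
# and API key), `observed` (the BSSIDs reported by the client), `user`, the running
# `risk` score, and a `haversine_m(a, b)` helper returning metres.
verdict = fraud.post("/v1/verify", json={"bssids": observed}).json()

claimed = (user.profile_lat, user.profile_lon)
# Distance from the claimed location to the matched centroid; effectively infinite on no match.
near = haversine_m(claimed, verdict["centroid"]) if verdict["matched"] else 1e9

if verdict["confidence"] > 0.7 and near < 500:
    risk -= 30          # network environment confirms the claim
elif verdict["matched"] and near > 50_000:
    risk += 40          # device sees networks far from where it claims to be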

Use the result as one factor among many. See acceptable use below.
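The same gate with two rules from earlier on this page applied, branching on precision.mode and requiring spread under 100 m for a strong match, as an added example that is not fraud.xxx's own code. It assumes centroid is a [lat, lon] pair and that the mode sits at verdict["precision"]["mode"]; the reason strings and the sample verdicts are constructed.

```python
import math

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6_371_000 * math.asin(math.sqrt(h))

def risk_delta(verdict, claimed):
    """Return (score adjustment, reason) for one verify response."""
    if not verdict.get("matched"):
        return 0, "no_match"
    # A zip_centroid (or unknown) precision is context only and never moves the score.
    if verdict.get("precision", {}).get("mode") != "coordinate":
        return 0, "coarse_precision"
    near = haversine_m(claimed, verdict["centroid"])
    # Rule of thumb from this page: confidence > 0.7 with spread < 100 m.
    strong = (verdict.get("confidence", 0.0) > 0.7
              and verdict.get("spread_m", math.inf) < 100)
    if strong and near < 500:
        return -30, "on_site"          # network environment confirms the claim
    if near > 50_000:
        return 40, "far_from_claim"    # networks seen are far from the claimed location
    return 0, "inconclusive"

# Constructed sample data (not real API output).
CLAIMED = (40.7320, -73.9890)
ON_SITE = {"matched": True, "confidence": 0.86, "spread_m": 42,
           "centroid": [40.7323, -73.9887], "precision": {"mode": "coordinate"}}
FAR = dict(ON_SITE, centroid=[34.0522, -118.2437])
SCATTERED = dict(ON_SITE, spread_m=400)
ZIP_ONLY = dict(ON_SITE, precision={"mode": "zip_centroid"})
NO_MATCH = {"matched": False, "confidence": 0.0}

if __name__ == "__main__":
    for name, v in [("on_site", ON_SITE), ("far", FAR), ("scattered", SCATTERED),
                    ("zip_only", ZIP_ONLY), ("no_match", NO_MATCH)]:
        print(name, risk_delta(v, CLAIMED))
```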

Acceptable use

fraud.xxx is a B2B risk and verification signal. By using the API you agree:

  • Permitted: fraud prevention, account-takeover defense, KYC/AML, geo-compliance, delivery/field verification, security research.
  • Prohibited: stalking, surveillance of individuals, people-search, locating a specific person's home, consumer tracking without consent, bulk export or resale of the underlying access-point data, or any use that violates applicable law.
  • Results are a probabilistic signal, not legal proof of any person's location. Do not use fraud.xxx as the sole basis for an adverse decision about an individual.
  • Access is reviewed and may be revoked for abuse. Requests are logged.

Privacy & opt-out

Access-point owners can request suppression. Networks whose SSID ends in _nomap are excluded by upstream providers and are not collected.

To remove a specific BSSID or report misuse, email privacy@fraud.xxx with the address; verified requests are suppressed promptly.

fraud.xxx is not affiliated with, endorsed by, or connected to Apple Inc. or any network operator.