A Florida woman will spend nearly two years behind bars after being found guilty of fraudulently acquiring Microsoft certificate of authenticity (COA) labels and selling them in bulk.
Heidi Richards, 52, operated the company Trinity Software Distribution (Trinity) and, according to court documents, acquired Microsoft COA labels "from a variety of sources" that were separated from the software packages with which they were intended to be paired.
Richards, also known as Heidi Hastings, Heidi Shafer, and Heidi Williams, paid more than $5 million for Microsoft COA labels between 2018 and 2023.
According to the indictment [PDF], she primarily procured keys for different versions of Windows 10 (Home/Pro) and Microsoft Office (2019/2021/Home/Student).
Richards obtained thousands of keys during this time, and instructed employees to take the COA labels and transcribe the product activation codes written on them into a spreadsheet. She then sent the codes to buyers who could redeem them.
In plain terms, prosecutors said Richards was illegally obtaining Microsoft software keys and selling them at heavily discounted prices, all while personally profiting.
COA labels are one of Microsoft's anti-counterfeiting measures. They are not supposed to be sold separately from the packaging to which they were intended to be attached, but a black market for the labels exists due to vulnerabilities in Microsoft's supply chain, according to the indictment.
Microsoft hardware and software products have distinct labels incorporating anti-counterfeit measures. Earlier versions of Windows shipped with labels that used color-shifting ink, for example, among other measures. Since Office 2021, activation for the productivity software suite was made digital only, completed through the Microsoft account that purchased it.
Authorized refurbishers also have their own specific COA labels to attach to refurbished products. Labels that don't display these measures can be viewed as counterfeit and cannot legally be sold.
The labels Richards acquired were genuine and had product keys written on them, but they were obtained and later sold illegally.
Since 2016, product keys have been concealed with a silver scratch-off material so that counterfeiters or illegal resellers can't simply examine a COA label to obtain the valid key.
Richards was found guilty by a federal jury following a November 2025 trial. At the time, she was told she could face a maximum sentence of five years.
In addition to the 22 months in prison, she must also pay a $50,000 fine, said Gregory Kehoe, US attorney for the Middle District of Florida. ®
Project initiated by Nuxt lead Daniel Roe attracts wide support thanks to multiple issues with the official interface
Embeds Edge into AI assistant, ignores questions about opt-in
Geopolitical tensions turn up the pressure for European legislators
Survey of UK bosses find 62 percent of bosses rely on LLMs for help
Offers booming customer accelerator biz as evidence, while VMware props up its software business
Think before you download
Employees need guidance and support if companies really want to commit to AI adoption