A Florida woman has been sentenced to nearly two years in prison after being convicted of fraudulently acquiring and selling Microsoft certificate of authenticity (COA) labels in bulk. Heidi Richards, 52, who operated under the company name Trinity Software Distribution, was found to have sourced these COA labels from various channels, separating them from their intended software packages.
Details of the Operation
Richards, also known by several aliases including Heidi Hastings, Heidi Shafer, and Heidi Williams, reportedly spent over million on Microsoft COA labels between 2018 and 2023. The indictment reveals that she primarily focused on procuring product keys for multiple versions of Windows 10 (Home and Pro) as well as Microsoft Office (2019, 2021, Home, and Student).
During her operation, Richards obtained thousands of keys and directed her employees to transcribe the product activation codes from the COA labels into a spreadsheet. These codes were then distributed to buyers who could redeem them for software activation.
Legal Implications
Prosecutors characterized Richards’ actions as illegal acquisition and resale of Microsoft software keys at significantly reduced prices, allowing her to profit from the scheme. COA labels serve as a critical anti-counterfeiting measure for Microsoft, intended to be sold only with the associated software packaging. However, vulnerabilities within Microsoft’s supply chain have led to the emergence of a black market for these labels.
Microsoft’s hardware and software products feature distinct labels that incorporate various anti-counterfeiting measures. For instance, earlier versions of Windows utilized color-shifting ink, while since Office 2021, activation has transitioned to a digital-only process linked to the Microsoft account used for purchase. Authorized refurbishers also utilize specific COA labels for refurbished products, and any labels lacking these security features are deemed counterfeit and illegal for sale.
Although the labels Richards acquired were genuine and contained valid product keys, their procurement and subsequent sale were unlawful. Since 2016, Microsoft has concealed product keys under a silver scratch-off material to prevent counterfeiters and illegal resellers from easily accessing valid keys.
Sentencing Outcome
Following a trial in November 2025, a federal jury found Richards guilty of the charges against her. She faced a maximum sentence of five years but was ultimately sentenced to 22 months in prison. In addition to her prison term, Richards is required to pay a ,000 fine, as stated by Gregory Kehoe, the U.S. attorney for the Middle District of Florida.
