Heidi Richards paid more than $5M for certificate of authenticity labels in five years

A Florida woman will spend nearly two years behind bars after being found guilty of fraudulently acquiring Microsoft certificate of authenticity (COA) labels and selling them in bulk.

Heidi Richards, 52, operated the company Trinity Software Distribution (Trinity) and, according to court documents, acquired Microsoft COA labels "from a variety of sources" that were separated from the software packages with which they were intended to be paired.

Richards, also known as Heidi Hastings, Heidi Shafer, and Heidi Williams, paid more than $5 million for Microsoft COA labels between 2018 and 2023.

According to the indictment [PDF], she primarily procured keys for different versions of Windows 10 (Home/Pro) and Microsoft Office (2019/2021/Home/Student). 

Richards obtained thousands of keys during this time, and instructed employees to take the COA labels and transcribe the product activation codes written on them into a spreadsheet. She then sent the codes to buyers ...