The problem of mistaken identity in e-commerce transactions brings together seemingly unrelated issues: privacy, network security, digital signatures – and classic contract law. The technological characteristics of the Internet have a tendency to turn traditional legal doctrines on their head, or, at least expose flaws in existing legal arguments. Combining an academic exercise with the practical implications of the insecurity of the Internet, this paper draws some unexpected conclusions regarding cases of mistaken identity. The latter must be analysed afresh with a number of factors in mind: the more widespread use of fictitious identities in on-line transactions, the higher incidence of identity theft and the greater difficulty of authenticating the other transacting party. The paper also observes how the trend to maintain the privacy of Internet users indirectly clashes with efforts to ensure transactional security in e-commerce. An indispensable prerequisite of the latter is the ability to identify the other party to the transaction.