You're right. As mey pointed out via the docs, @@identity is for the current session, but may return unexpected results if a trigger fires as part of the statement(s) or if you are using replication. It's almost never what you actually wanted whereas scope_identity() is. Come to think of it, perhaps the vendor I mentioned was using ident_current('tablename') which returns the last identity generated for the specified table name regardless of session and scope; this would explain the resulting behavior of the app.