What Congress can do by Mordaxus
I had an attempt to steal my identity last month. Probably a bad idea for someone to try to steal the ID of a Info Security guy. In any case the card company (with help from us) chased down the perp.
The pattern matched what some other in the security blogsphere posted previously (sorry I searched but couldn't find the actual post, if you email it to me I will link) in that the theft was from my old mailbox not from any on line source.
I was pleasantly surprised with the credit card companies response. They clearly flagged the transaction early, they contacted us and verified information, they provided us with details on what occurred and what we should expect to see. Although they were thorough in ensuring that it wasn't me or my wife that took the money they were respectful and quick about it and didn't require (I should probably say try to require) me to do any significant work or divulge any information of my own.
So some companies (in this case Chase) clearly do take it as their responsibility.