There are lots of tools and procedures that we arm our users with to protect their identity. (ex: Two Factor Authentication, Password complexity and reset rules, etc.)
But once an identity is stolen, no tools can really identify or track the incident. The responsibility for detection liesentirely on the security officer. Why? Because “That’s the way we always did it!” With identity theft running rampant, this is just plain dangerous thinking.