Banks urgently need to improve the way they apply a code which reimburses bank transfer scam victims, according to the body which oversees it.
The Lending Standards Board (LSB) said progress has not been as it had expected and further areas of concern have also been identified.
The LSB said systemic failings are present and firms must work without delay to ensure the best outcomes for customers.
It has written to the chief executives of banks which have signed up to the code.
Problems highlighted in a previous review have not been fully addressed, the LSB said.
These related to consistency around reimbursement processes, identification of customers’ vulnerability, giving customers effective warnings about scams, and record keeping.
Further concerns include claim investigations exceeding time requirements, inconsistency in information given to victims of scams, and disproportionate responsibility being put on customers who make a claim.
The voluntary code was launched in 2019 to reimburse people who have been tricked into transferring money to a fraudster, in situations where neither they, nor their bank, is to blame. Such frauds are called authorised push payment (APP) scams.
Previously, people faced being out of pocket permanently as they had authorised the bank transfer.
However, concerns have been raised about banks applying the code in different ways and sometimes expecting customers to have sophisticated knowledge about scams. There have also been calls for greater transparency from banks over their scam reimbursement rates.
Not all banks have signed up to the code.
TSB, which has not signed up to the code but has its own fraud refund guarantee, has said it has reimbursed 99% of customers.
Emma Lovell, chief executive of the LSB said: “Firms must act immediately to implement the recommendations that were issued to them in the original review and those now raised in the follow-up.
“Time-bound action plans are in place and firms are clear on our expectations as governor of the code.”
She said there is evidence that when the code is applied correctly, it provides much-needed protection for customers.
Ms Lovell continued: “We will continue to collaborate with the industry to increase the number of firms signed up to the code and we would urge firms who are not already signed up, to consider the contents of this report and review their arrangements for dealing with APP scam cases.”
Gareth Shaw, Which? head of money said: “It’s unacceptable that many victims of bank transfer scams continue to be treated so poorly, and that multiple and repeated failures by banks are undermining the code they helped to write to protect their customers, 18 months after these problems were first identified.
“The Payment Systems Regulator must now take decisive action by introducing mandatory standards of consumer protection for all banks and payment providers and tough enforcement measures for firms that don’t follow the rules.
“The new standards must put the interests of scam victims first – not be created by and for the banks – and require greater transparency from firms on how they are dealing with this crime.”