It is a paying account, why ban them?

This is one of the biggest misconceptions we have, and I genuinely wish we could permanently clear it up. I'll provide a few hypothetical situations (mind you, these numbers are ENTIRELY made up).

Let's say 90% of botters were compromised accounts. This means that 90% of these botters aren't paying accounts; they're stolen accounts, which are generally fueled by stolen credit cards. These payments usually get disputed and taken back, which actually costs us money. If we're looking to make a purely fiscal observation, it makes no financial sense to let these continue (aside from the fact that we don't like compromised accounts to begin with - we want our players to be playing their own accounts safely and enjoyably).

Let's go on the other side of the fence and say 90% of these botters were otherwise legitimate players paying for their accounts, as you purport. When players bot, other players are inconvenienced by this behavior (and trust me, you guys outnumber the botters, even if you may feel it's the other way around). The inconveniences range from normal players having difficulty farming on their own to struggling to keep up with an economy that's being forcibly fluctuated via unfair advantage. When players are inconvenienced in this manner, they submit petitions.

Every petition submitted goes to a Game Master for review. A living, breathing person that is paid to provide customer service looks over it, does what's necessary for the situation (in botting cases, usually forwarding the info on to our exploitation/hacks team), and provides a response. Let's say 1-2 people are inconvenienced by a single botter (in all likelihood, we probably get many more petitions per botter than that). This would mean each botter is inconveniencing at least as many, and likely more, players that are positive to the community (the kinds of players we like and want to continue to play our game). For each botter we allow to continue botting, we potentially stand to lose more than we gain for a single subscription, just out of the sheer inconvenience it causes other players.

Even if you change those numbers around of legitimate players versus compromised accounts - we only stand to lose more if we don't take action on bots (which we do, regularly).

Blizzard needs to step it up. Unfortunately, the bots you see are no longer just hacked accounts...it's actual players exploiting the game by using bots to farm when they sleep or are away, therefore when blizzard sends a message investigating the matter they respond as a real player and no action is taken..at least that is my assumption since two of these jerks are still regularly botting Uldum.

This has been stated many times before, but action being taken against botters takes a long time to come about. The reason why is pretty simple, and another player in this thread has stated it quite eloquently, so I'll be highlighting it here:

Blizzard investigates every single bot report. But as they are intelligent they wait until they can patch a hotfix for the bot before they do mass ban waves. This cures the infection instead of treating the symptom.

We don't generally hit bots individually as we receive the reports because it doesn't ultimately solve the issue - they just acquire another account, either legitimately or illegitimately, and get back to botting. Instead, it's much more effective to study the bots, devise the method they are abusing, and break that method. In the process, we also construct ways of detecting the behavior, and create systems in which we can catch those bots and remove them much more quickly.

It's an ever-evolving battle, however. Botters are smart too, and they figure out what it is we figured out, and develop new bots. We start the cycle over again, but it also means we've eliminated a method of exploitation and have to move on to the next. I hope that makes sense - it's a very lengthy process, and for the best intentions of that process (and preventing providing that info to those who would abuse it), I can't go into much more detail.

If they don't whisper you back its a pretty sure sign that they're botting

Not quite. I tend to get anti-social when I'm mining. It gets me in an almost hypnotic groove. >o.o
All jokes aside, not all players will respond to unsolicited whispers - after all, they know as little about your intentions (unless clearly stated) as you know about theirs. Some just feel like mining for a while, or do it while multi-tasking and reading Facebook or Reddit or something. I may or may not be speaking from experience. /coughs

How many real people, actual players do YOU KNOW personally that can fly around in the exact same pattern for 48 straight hours...and sometimes in fact weeks continuously without logging off?

And how many real people do you know who will sit at their computers and watch someone commit to these patterns for 48 hours straight? It's not an efficient manner to monitor bots, and we don't have our staff to do it any more than we expect our players to. It's also one of many factors that's considered, and unless you've been personally observing accounts for that long yourself, it's probably not quite working the way you perceive it to be. >^.~
There are other, better ways to identify bots and fight them. We have a team staffed specifically for this purpose. But it is time consuming, and it regrettably needs to be to be most effective. Bots don't get removed in small numerical batches; when we strike at them, it's usually in the hundreds, if not thousands.