In my guild only officers are allowed in the guild bank. 5 accounts have bank access and none of them are likely to be hacked. If raiders need something for a raid (free consumables/repairs/respecs/etc) it comes through an officer.

To keep the whole officer alt scam from working, have 2 ranks. Officer and officer alt, the later having no money withdrawal permissions and 1-5 stacks per day.

There was a bank hacked on Elune over Christmas - got a good supply of Hearts/BT gems/patterns/etc. I never gave the officers in JC full access like the other guild officers had, but I still tweaked our permissions some. 1000g/day, 10 stacks/day for the 3 officers. Raiders can deposit into any tab but only withdraw 1 stack/day from Tab 1, which is basically junk. If any of the 3 officers ever need more then 1000g in a 24hr period they all have my cell number.

I'm sure that people will get a virus/spyware/keylogger at some point, with so much profit to be made by stealing WoW accounts it's no surprise to me how many stories you hear. I hope that I never have to deal with my WoW accounts being compromised, I multi-box and have 5 accounts so they'll think they hit the jackpot... It is nice to hear people say that Blizzard has been willing to restore the items that were taken in most of the guild bank heists that have occurred.

In a somewhat related note, I'd sure like to have a "Transaction note" slot in the bank log. I'm the guild leader, and although I know I'm not doing anything shady like pocketing funds or anything, I'd really like the transparency factor involved there so everything is a bit more easily explained.

Example --

Thrush withdrew 1000g (Buying Boar's Speed enchant for XXXXX"

Or, an even better example

Thrush withdraws Random Blue piece of crap (AH'ing)
Thrush deposited 75g (Sale of random blue piece of crap)

They've already got every transaction logged in a ridiculously concise way. Might as well give us 20 or 30 characters to note what it's for.

...and then you have cases such as ours.

About a month ago now, our guild leader decided he didn't like the officers, booted half of the people out of the guild, waited for 2 weeks to see who showed up 'connected' to the officers (including 5-mans, alt-guilds, raids, etc...), booted them out (which was near everyone else) then server transfered with 200+ hearts, 60+ epic gems and 30k+ gold (and probably another 30k in primals, gems, enchanting mats, etc...). He even leveled up at least 2 alts to level 10 to help carry it.

Blizzard denied all requests for assistance, as we 'allowed' him to do this.

Rule #1:
Make sure you trust the person in charge.

My guild should never really have a problem with this when it comes to general raiders and officers. The way we have it set up is you can take out 1 stack a day from the first 2 tabs which is full of raid consumables. Gold can never be taken out by anyone except for the GM. The other tabs are only accessible via the GM. Anyone can deposit into any of the tabs and can deposit gold. The worst a hacker could do is take 2 stacks of raid consumables.

If the GM was key-logged it would be disastrous but he is pretty good at getting his pron from legit sources!

With a guild name like yours I swear I would never have seen that coming.

Some ideas.

First, know the people who have access. In other words it is best to be on a first name basis with these people and meet them in the real world if possible. The best run guilds I have been in are those run by people who knew each other before WOW.

Second, limits. I think having tabs where people can see the items but never withdraw are good. Just have a request system in place. the GM could take these by PM. If they meet the previous description you could allow those people to pull one or two stacks per day. Note, the ONE OR TWO. Honestly, if someone needs access to ten stacks at any one time don't you think it should be planned for? Its not like you suddenly run into the need for ten stacks of LPS eh?

Same with gold. Repair only. Any withdrawal should be a planned expense. Need an enchant? Pay for it yourself. If its "for the guild" then plan it out and get the money ahead of time. You don't need access or give access to the bank gold just so someone can get something for the guild. If its that important then you will have made arrangements ahead of time. Important items like that are not spur of the moment so don't fall into the trap of giving access "for emergencies" because there aren't any in game. If players are not prepared on their side for such emergencies they shouldn't be in your guild

A very good idea that i'd like to highlight:

Having a vault keypad appear when you click a guildbank seems like a brilliant idea. Will help against keyloggers, idiocy etc etc, easy to implement, adds realism to game (banks have security right? RP it). The best thing i see about this is it allows friends/family/etc to play chars without risking the guildbank at all, although i can't see blizzard implementing this feature for this reason since they say 'friends playing' is against the rules anyway, last i heard.

Also:

Delay on permission changes, of 24 hours or whatever, so that a Guild Master can set himself a limit on gold withdrawls and the change will only take place after. Implement this along with 'omg our Guild Master is ninjaing us, halp' button that if enough guildmembers press it will either restrict access from Guild Master or alert a Game Master.

I would just like mention that I personally walk on the side of caution with The Armory and WoW Forums.

Keyloggers aren't limited to just in-game logins and as we have to use the same password and username for the armory guild bank viewing and forums. It's an extra risk which people should all be aware of, and use appropriate measures.

This would be disasterous imho. In theory this would completely nullify keyloggers, it would create a much different risk altogether. From guildies "accidently" giving their number out to lower rank members or even an alt of a nonguildy that somehow slipped into the ranks, to people "forgetting" their code and possibly getting the GM's by accident and taking advantage of it. I'm very trusting of all my members and know something like this would be an extreme rarity, but this would be a bandage with an all new set of problems/exploits.

Yeah, that would be sweet.

Uh... no. First, it would be rather futile, since your GM could just promote or demote his alts as desired to whatever permissions he wanted. Second, as GM, one of my best lines of defense against something like that is immediately disabling everyone's gbank access if we think an account is compromised.

Also, since my guild is learning Archimonde and therefore had the pleasure of rapid-repeat chain-wiping (got him to 65% on the first night, though ), I bumped up the repair gold alloted to cover everyone's repair costs from the bank. I like the ability to switch that stuff up as needed.

The bottom line is, a WoW guild is VERY strongly dependent on their GM. By design, it is a monarchy. If you can't trust (or just don't like) your GM, you need to find a new guild.

Ofc i mean to use this in conjunction with the current access requirements, so only officers. So if someone outside the guild finds out the vault key it has no use unless he's promoted to an officer in the guild. The gm would also be able to change the key if for example someone finds out the vault key and makes a realm forum post telling everyone it. Again like i said, the main problem it would fix is friends playing officer characters.

They could simply also apply the 24 hour (or whatever it is) delay on promoted/demotes too. So if the GM for some reason makes 4 alts, named "immastealmoney", immastealmoneytwo", "immastealmoneythree" and "immastealmoneyfour; promotes them to officer, you can press your "oh shit" button and his accound will lose access. It's a guild bank, if a high percentage of the guild points out there's a security risk from an account it should be possible to shut it down.

Wow, the keypad itself would only be available to the people you'd allow. Come on.

A relatively simple but highly frustrating problem i find of the guild bank is the standard users ability to stack items already in the bank. What I wanted to do was have a bank tab where I could fill it with single mark of the illdari. Then when someone needed a flask they would be limited to 1 a day. Unfortunately from some fast testing i found that someone could just stack all the single ones within the tab itself then remove an entire stack. Kind of annoyed me a bit.

No, this would not help at all against keyloggers.

It is relatively simple to modify the keylogger to track mouse movements to see what numbers user enters. Of course the placement/order of the numpad/numbers could vary but modern computers have enough processing power for simple image recognition it takes to find the numpad before user can finish entering the number. And even if the user manages to enter and close the numpad before the keylogger finds it in real time the keylogger could have just saved a screenshot of the game and use it instead of the real game window to figure out the location of the numpad while user happily thinks he is safe.

Of course the keylogger (and the user) could be confused further by using CAPTCHA images instead of normal fonts but that would probably annoy users far too much. In this case I'd say cure would be worse than the disease.

It's not like everyone logs in then goes right to the bank. They log in, do random things for a random ammount of time, then randomly go to the bank when they randomly choose, passing by durotar on the way and having a random chat, as you do, then they go to the bank.

Also remember people don't use the guild bank every time they log in, that's a whole lot of work a logger would have to do to find this key.

It wouldn't help much, granted, but it would help at least a little.

We have two GM's and only they can take items/gold from bank on request of members. Never met any problems with it.

The solution I would prefer.

Have one (or more) tabs with extra security level.
Only certain ranks can withdraw from the tab. Call them rank X+.
Only certain ranks can approve the withdrawal. Call them rank Y+.

When a player of rank X or higher withdraws an item from the extra security tab, N number of players with rank Y or higher will get a popup window saying "player P wants to withdraw J times item I, allow ? yes/no ?".

You can configure the number of players that are required to approve a withdrawal.
You can configure the rank of players that can make an approval.
You can configure the rank of players that are allowed to make a withdrawal.
You can configure the number of players that must approve a change of the approval rules.
If there are not enough people online to approve a withdrawal, nothing can be withdrawn. You have to wait.

This would prevent any single individual to make withdrawals from the guildbank's extra security tab. It doesn't matter if an account got hacked, or whether some player is just malicious.

The only problem now left is that a malicious person could invite alts and promote them to the approval rank. Or rather, because there must be multiple approvers online simultaneously, a hacker needs multiple accounts. He could then invite different characters on different accounts. And promote them so they can all help in his false approval. A solution for that could be things like: 1) guild rank changes must be approved via a similar approval system, or 2) people must be of a certain rank for 48 hours or more, before they can approve withdrawals.

There are still ways to mess up things, like a malicious GM kicking all members from the guild, and then running off with the guildbank. Not much you can do about that, but that problem could happen today as well. I think people might still mess up their approval schemes by mistake, so there must be a way to reset the whole approval system. Maybe have a button "reset stuff", and when someone presses it, 30% of the online guild members (with a minimum of 10) must approve the reset.

The details are a bit more complicated than I would like. But those only kick in when things go wrong. In the day to day usage of the system, you just need to click "approve withdrawal" once in a while. E.g. in a guild with 60 players, and 8 officers, I'd set up the system so that you need 3 officers (or their alts) to approve a withdrawal, and 6 officers to reset the rules (or 15 online guild members). In a system like that, I don't see much easy abuse by hackers or angry players.

If using the on-screen keypad placed to a random location to enter the numerical code CAPTCHA would (try to) prevent automated logging of the code by the keylogger. With suitable CAPTCHA the keylogger would be forced to take a screenshot of the game when the keypad is opened and recording the mouse movements and clicks and just sending the raw data for human processing instead of using automatic image recognition.

Obviously with or without CAPTCHA the numpad system wouldn't really prevent keylogger from logging the required data which was my point in the original reply.

Of course as others pointed out second password/numerical code for the guild bank could prevent access to the guild bank if the user with the keylogger does not access the guild bank while being vulnerable. The real question is if that is enough to annoy majority of users by having two passwords for WoW...

I feel like this would be difficult for blizz to implement considering the number of guild banks holding 10s or 100s of thousands of gold must be fairly low. I do however like the keypad idea. The prospect of a GM losign the password to the guild vault that is likely used on a daily basis and contains significant sources of funds is preposterous.

Our horror story, from a previous guild, was this.

1 GM and 3 tier 2 officers have access, that's it.

I (one of the tier 2 leads) log in to 20ish guildies asking wtf is going on, look at the bank, etc.

The GM and one of the other tier 2's had logged on, cleaned out all Enchant mats, almost all primals, Resist gear for tanks and pretty much anything worth more than 5 gold a stack from teh bank. They then booted almost all of teh officers except me and joined another guild because our progression didnt fit their needs.

I spent the next day giving away the stuff i could to guildies and then tried to get people to good homes, about a 75% effectiveness, but this one event shattered what was a decent raid guild, starting, and dropping bosses in SSC and TK.

So like it was said earlier, you need to trust the top before you really worry about the bottom.

Hate to be a negative nancy, but I had to explain to a few dozen people why the items and gold they deposited were gone, and the tickets essentially went unanswered since they all quit.

Just be aware of what you are doing and you wont lose much, but losing anything still sucks bad.

Cheers,

Maralis

Actually the moral of this thread is the same as real life.

Do not give what you cannot afford to lose.


That is the number one rule to live by. Assume anything you put into the bank is gone forever. If you go by that mindset then you can make the determination as to what needs to go in there. I am not against GMs keeping stuff on mules, hell I keep stuff on mules and give it out when asked