diff --git a/apiserver/apiserver/api/serializers.py b/apiserver/apiserver/api/serializers.py
index 931de16..d9fc0ff 100644
--- a/apiserver/apiserver/api/serializers.py
+++ b/apiserver/apiserver/api/serializers.py
@@ -44,7 +44,7 @@ class TransactionSerializer(serializers.ModelSerializer):
         'Unmatched Member',
         'Unmatched Purchase',
         'User Flagged',
-    ])
+    ], allow_null=True)
 
     class Meta:
         model = models.Transaction
@@ -62,7 +62,14 @@ class TransactionSerializer(serializers.ModelSerializer):
             validated_data['user'] = member.user
         return super().create(validated_data)
 
+    def update(self, instance, validated_data):
+        member = get_object_or_404(models.Member, id=validated_data['member_id'])
+        validated_data['user'] = member.user
+        return super().update(instance, validated_data)
+
     def get_member_name(self, obj):
+        if not obj.member_id: return 'Unknown'
+
         if obj.user:
             member = obj.user.member
         else:
diff --git a/apiserver/apiserver/api/utils_paypal.py b/apiserver/apiserver/api/utils_paypal.py
index 54368e8..1a6d426 100644
--- a/apiserver/apiserver/api/utils_paypal.py
+++ b/apiserver/apiserver/api/utils_paypal.py
@@ -105,7 +105,7 @@ def build_tx(data):
 def create_unmatched_member_tx(data):
     transactions = models.Transaction.objects
 
-    report_memo = 'Cant link sender name: {} {}, email: {}, note: {}'.format(
+    report_memo = 'Cant link sender name, {} {}, email: {}, note: {}'.format(
         data['first_name'],
         data['last_name'],
         data['payer_email'],
@@ -150,7 +150,7 @@ def create_unmatched_purchase_tx(data, member):
     transactions = models.Transaction.objects
 
     user = getattr(member, 'user', None)
-    report_memo = 'Unknown payment reason: {} {}, email: {}, note: {}'.format(
+    report_memo = 'Unknown payment reason, {} {}, email: {}, note: {}'.format(
         data['first_name'],
         data['last_name'],
         data['payer_email'],
diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index d054630..fabcdfd 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -193,11 +193,17 @@ class TrainingViewSet(Base, Retrieve, Create, Update):
         serializer.save(user=self.request.user)
 
 
-class TransactionViewSet(Base, Create, Retrieve, Update):
+class TransactionViewSet(Base, List, Create, Retrieve, Update):
     permission_classes = [AllowMetadata | IsAuthenticated, IsObjOwnerOrAdmin]
-    queryset = models.Transaction.objects.all()
     serializer_class = serializers.TransactionSerializer
 
+    def get_queryset(self):
+        queryset = models.Transaction.objects
+        if self.action == 'list':
+            return queryset.exclude(report_type__isnull=True).order_by('-id', '-date')
+        else:
+            return queryset.all()
+
     def retally_membership(self):
         member_id = self.request.data['member_id']
         member = get_object_or_404(models.Member, id=member_id)
@@ -211,6 +217,11 @@ class TransactionViewSet(Base, Create, Retrieve, Update):
         serializer.save()
         self.retally_membership()
 
+    def list(self, request):
+        if not is_admin_director(self.request.user):
+            raise exceptions.PermissionDenied()
+        return super().list(request)
+
 
 class UserView(views.APIView):
     permission_classes = [AllowMetadata | IsAuthenticated]