How Purchases Appear on Bank Statements
Published May 5, 2025 · Last updated May 23, 2026
A purchase appears on your bank statement as a merchant descriptor, a short line built from the seller's legal business name plus, often, a code identifying the payment processor that handled the transaction. That is why a charge can look nothing like the storefront you actually visited: the coffee shop on the corner might show up as its owner's company name with a SQ prefix, because it runs payments through Square. The charge is usually legitimate; it is just wearing the name of the business behind the brand and the processor behind the till.
- What you see is a descriptor. It combines the merchant's doing-business-as (DBA) name with optional processor and location data.
- Prefixes name the processor. SQ marks Square, PP or PAYPAL marks PayPal, TST marks Toast.
- Names get truncated. Character limits mean brands appear shortened, capitalized, or as a legal entity you do not recognize.
- Looking wrong is not the same as being wrong. Most unfamiliar-looking charges are real purchases under an unfamiliar name.
- You can trace it. Searching the full descriptor text usually reveals the business, and genuine unknowns can be disputed with your card issuer.
Why a charge looks different from the store you visited
The mismatch comes from two layers between you and the merchant: the business's legal identity and the payment processor. Neither is the brand name on the sign, and the descriptor is assembled from them rather than from how you think of the store. Here is what each part contributes.
- The doing-business-as name. A shop's legal entity often differs from its storefront brand. The descriptor commonly uses the DBA value the merchant supplied when setting up payments, so a cafe called by one name may bill under a parent company.
- The payment processor. Small merchants frequently use a shared processor that stamps its own prefix onto the descriptor, so the processor's tag appears before the merchant name.
- Truncation and formatting. Descriptor fields have character limits, so long names are cut off and capitalized, sometimes leaving only a fragment of the real business name.
- Location and contact data. Some descriptors append a city, state, or customer-service phone number the merchant provided at signup.
This is closely related to the cryptic codes elsewhere on your statement; if the rest of the line confuses you too, see our glossary of statement descriptions and abbreviations.
The processor prefixes you will recognize once you know them
A few processor prefixes show up constantly because the platforms behind them power millions of small merchants. Once you can read the prefix, you immediately know the charge ran through a shared platform and the text after it is the actual seller.
| Prefix | Processor | Where you typically see it |
|---|---|---|
| SQ* | Square | Coffee shops, food trucks, salons, boutiques, and countless small businesses |
| PP* / PAYPAL* | PayPal | Online sellers and marketplaces; PP*ETSY means an Etsy seller paid via PayPal |
| TST* | Toast | Restaurants using the Toast point-of-sale system |
| SP* | Various e-commerce platforms | Online stores using a hosted checkout that stamps an SP prefix |
So a line reading SQ followed by a name you do not know is almost always a small local merchant on Square, not a mystery charge. Reading the prefix first, then the name, resolves the large majority of these.
The mechanics that explain the mismatch
- The DBA value is supplied by the merchant. If the business provided a doing-business-as name at signup, that is what shows; otherwise the descriptor can fall back to the owner's name, which is why a charge sometimes reads as a person rather than a store.
- Prefixes identify the processing system, not the seller. A prefix like SQ or TST tells you which platform routed the payment; the merchant identity is the text that follows it.
- Descriptors are length-limited. Because the field is capped, names are truncated and capitalized, and extra fields like phone or city are squeezed in, which is the structural reason a familiar brand can look unfamiliar.
Identifying and, if needed, disputing an unfamiliar charge
When a descriptor does not click, work it methodically before treating it as fraud. The order matters because most surprises resolve at the first or second step. Begin with the descriptor text itself.
- Separate the prefix from the name. Identify the processor tag, then read the merchant text after it, remembering it may be a DBA or a truncated brand.
- Search the exact descriptor. Paste the full text into a search engine inside quotation marks; this commonly reveals the merchant or others discussing the same line.
- Reconcile amount and date. Match the charge against receipts, subscriptions, free trials that converted to paid, and anything bought by family members or stored in apps.
- Contact the merchant or issuer. If the descriptor includes a phone number, the merchant can often identify the sale. If it remains genuinely unknown, dispute it.
If after all that the charge is truly unauthorized, dispute it with your card issuer promptly. Federal protections give you a window to report billing errors on a credit card and unauthorized electronic fund transfers on a debit card, generally within 60 days of the statement that shows the charge, so do not delay once you are sure. For where these lines sit in the document overall, our guide to reading a bank statement gives the full picture.
Why credit and debit disputes are not the same
How you paid changes your protection, and that is worth knowing before a charge ever goes wrong. Credit-card and debit-card disputes run under different federal rules, Regulation E for debit and Regulation Z for credit, and the practical upshot is that a credit card generally gives you stronger leverage over a contested charge.
| Aspect | Credit card | Debit card |
|---|---|---|
| Governing rule | Fair Credit Billing Act, implemented by Regulation Z | Electronic Fund Transfer Act / Regulation E |
| Money at stake while disputing | The disputed amount is the issuer's until resolved, so your own cash is not gone | The money already left your account and you wait for it to be credited back |
| Reporting window | Generally within 60 days of the statement showing the error, under the Regulation Z billing-error rules | Generally within 60 days of the statement showing the error, but reporting a lost card or fraud fast limits your liability |
| Disputes over bad or undelivered goods | Stronger protections to withhold payment in many cases | More limited; federal law gives fewer rights to stop payment on defective purchases |
This is not advice to avoid debit cards, and the deadlines above are general rather than absolute. The point is simply that the same unfamiliar charge can be easier or harder to claw back depending on how it was paid, so for large or higher-risk purchases many people prefer the credit-card route precisely because the disputed money stays in their account while the issuer investigates. Whichever you used, the first move is the same: trace the descriptor, confirm it is genuinely unauthorized, then file promptly and keep a record of your report.
Why grouping by descriptor exposes the real story
From normalizing statements across hundreds of bank templates into clean dated ledgers, the clearest pattern is that processor-prefixed charges from the same merchant reuse the exact same descriptor string every time. That consistency is invisible when the charges are scattered down a PDF a month apart, but the instant the data sits in sortable columns, every SQ, PP, or TST line from one seller clusters together. That grouping is what turns a confusing string into a recognizable purchase: you see the same descriptor recur on the days you actually visited that cafe or paid that subscription. The practical move for anyone puzzled by their charges is to get the descriptors into rows and sort by them, because recognition comes from seeing the repetition, not from staring at one isolated line.
Turning confusing charges into a clear record
Unfamiliar charges are mostly a recognition problem, and recognition gets easy when the descriptors live in a spreadsheet instead of a locked PDF. Converting your statement to Excel or CSV lets you sort by descriptor, group every charge from the same merchant or processor, and instantly see what recurs versus what stands alone. Read the processor prefix, read the merchant name behind it, sort the data, and the line that looked like fraud usually turns out to be the coffee you bought on Tuesday.
Doing this once a month also builds a quiet defense against real fraud. When you already know your own descriptors, the SQ line for your usual cafe, the PP line for a subscription, the TST line for a regular restaurant, a charge that does not fit the pattern jumps out instead of hiding in a crowd of cryptic strings. The genuinely unfamiliar charges become a short list rather than a guessing game, and that short list is exactly where your attention belongs. The handful that survive the trace are the ones worth disputing, and you will spot them faster every cycle.
Frequently asked questions
Why does a charge look different from the store I bought from?▾
Your statement shows a merchant descriptor built from the business's legal doing-business-as name plus the payment processor it uses, not the storefront brand. So a local cafe on Square can appear as its parent company with an SQ prefix.
What does SQ mean on a bank statement?▾
SQ is the processor prefix for Square. The text after it is the actual merchant, usually a small business like a coffee shop, food truck, salon, or boutique that uses Square to process card payments.
What does PP or PAYPAL mean on a charge?▾
PP or PAYPAL indicates the payment was processed through PayPal, with the merchant name following the prefix, often truncated. For example, PP*ETSY means you paid an Etsy seller through PayPal.
Is an unfamiliar-looking charge always fraud?▾
No. Most charges that look wrong are legitimate purchases shown under a merchant's legal name or a processor prefix rather than the brand you recognize. Trace the descriptor and match the amount and date before assuming fraud.
How do I find out what a merchant descriptor is?▾
Separate the processor prefix from the merchant name, then copy the full descriptor into a search engine inside quotation marks. Match the amount and date to your receipts and subscriptions. If it includes a phone number, the merchant can often identify the sale.
How long do I have to dispute an unfamiliar charge?▾
Federal protections generally give you 60 days from the statement showing the charge to report a billing error or unauthorized transaction, so act promptly once you confirm a charge is genuinely not yours.