When a website has been compromised, the majority of the time an attacker will have a file on the webserver where they are harvesting credit cards to, some of the time this will be in plain text. This is all being done without the website owners knowledge and 9/10 goes unnoticed. They will let this harvest file build up with card numbers until they are ready to collect their stolen data.
In order to help prevent this from going unnoticed we provide credit card scanning to alert the merchant to this malicious activity to allow the merchant to remove the harvest file and prevent it from expanding in size.
If there is a harvest file on your environment which has not been created by yourself then this more than likely indicates that your website has been compromised and that there is a small piece of code which is writing these card numbers to the harvest file.