Using the client_reference_id field when passing to gateways that store offsite (e.g. MerchantCcOffsite, MerchantAchOffsite), the client_reference_id on a different payment account in Blesta may be stale and no longer be valid as a customer on the gateway.

The resolution would be two-fold:

1. Update the core Accounts::getClientReferenceId to check that the status is 'active'.
   • Only use old active payment accounts as a reference, as they are most likely to be valid.
   • Order by the most recent account, as it is most likely to be valid.
   • Also accept another optional argument, type, that can be used to specify whether to check CC or ACH accounts for a client reference ID, and use that one. This has the caveat of creating separate customer accounts for CC and ACH payment accounts on the gateway. GatewayPayments::storeAccount will need to be updated to pass the type to that method call.
2. Each gateway that stores offsite with ::storeCc or ::storeAch should be updated to check that the client_reference_id provided is actually valid, and if not, create a new account that can be used for the client_reference_id for the payment account.
   • Each gateway should be a subtask in this story

When creating a payment account using Authorize.net CIM (tokenization) an error may be encountered:

E00040 The record cannot be found. See https://developer.authorize.net/api/reference/features/errorandresponsecodes.html

This seems to occur when a Payment account was previously created, and then deleted under the client. In the accounts_ach (and possibly accounts_cc for Credit Cards) table, the record exists but the status is marked as "inactive". The client_reference_id from this inactive Payment Account is passed along when making a createCustomerPaymentProfileRequest to Authorize.net while adding a new Payment Account. Creating a new Payment Account should not pass along the client_reference_id for the inactive Payment Account. At least I don't think so.