See below for how to correctly populate the “cardReference” field into omnipay. It needs to be a valid JSON string. Preferably you should use json_encode, however I’ve copied it out as a full string for clarity.

$request = $this->gateway->purchase(
	[
		'amount' => $params['amount'],
		'currency' => 'USD', 
		'cardReference' => '{"customerProfileId": '.$profileId.', "customerPaymentProfileId": '.$paymentProfileId.'}',
		'transactionId' => $params['transactionId'],
		'description' => $params['description']
	]
);
$response = $request->send();
$data = $response->getData();

This is used in the popular Omnipay PHP library to integrate Authorize.net CIM profile management.

Read more in the official docs: https://developer.authorize.net/api/reference/index.html#payment-transactions-charge-a-customer-profile