Nothing to do with a banking app. Call from "your phone" which is associated with your account, request User ID be texted to you via "forgot user ID" on website. Then request to reset password via website. That's sent to "your phone" as well. Then change password and gain access to online account. Change PIN, wire yourself money, and then cancel service on "your phone" so the person has trouble reporting it and can't just do the same thing to gain control of the account back.
The app can actually be more secure, in that you can set it to require a fingerprint or facial recognition. Of course now I find out USAA has a physical key fob thing you can request as well, which will generate a one time code each time you need to access something online.
*oh, and some folks have asked how they knew where I bank. Since they had my records, they could see what bank I used to pay my phone bill, which was USAA.
That keyfob thing kept people from stealing my world of Warcraft account for years. Some nerd grew up got a job in cyber security and moved it into banking lol. The random number generator is actually more secure than my banking app. I don't play the game anymore but I keep the app (moved away from the keyfob) on my phone and my account locked (incase I become single again someday), to transfer the app and make it work on another phone it requires a code from the physical phone it was on prior.