secure banking apps
A while ago my bank introduced an online banking app. This allowed me to quickly access my bank account and make payments right from my phone with the best experience. In order to gain access to the app, you need to enter a 5-digit PIN code.
This, however, didn't feel that secure to me. I'm an avid online banking user and I normally do it on my laptop via the normal website. In order to log in I need a username and password. When I make a payment I'm prompted to enter a so-called TAN code. This code I can either get from a hard copy, a list of codes I could keep in a drawer at home. However, in order to stay mobile I enabled the option to have those codes sent to me via text message. So I make a payment, I get a text message with a code, I enter the code on my laptop and the payment is made. The banking app also asks for a code, but now payments are made on the same device. People now only need my phone and the 5-digit PIN, and they're set to empty my bank account. In the old situation my phone could be used to access the online banking website and receive the text message with the code, but they would need a username AND a password in order to log in. Therefore I don't use the app.
Maybe I'm wrong in thinking a 5-digit PIN is not as secure as a username and password combination, but it got me wondering: what is the most secure option out there that still scores high in usability? Or how should it be done?