In WCF there are two types of Security, transport level security and message level security. Transport Level Security: It happens at the channel level. WCF uses transport protocols like TCP, HTTP, MSMQ etc and these protocols have their own security mechanisms. HTTPS is implemented over HTTP protocols with SSL providing the security mechanism. No coding change is required it's more of using the existing security mechanism provided by the protocol.HTTPS use SSL TCP uses Transport Layer Security(TLS) Can require clients to pass credentials for authentication.Message Level Security: It is implemented with message data itself. Due to this it is independent of the protocol. Messages are encrypted based on WS-Security standard and signed before they are sent.Default Security Setting: BasicHttpBinding - No security because interoperable with ASMX. WsHttpBinding - Message Level Security, message are encrypted as ws security standared & message are signed. NetTcpBinding - It is applied at OS level(Netword & Transport level) and are done before the message are sent either client to server or vice versa. Message are not encrypted but packets are encrypted.